[keycloak-user] shared UMA 2.0 resource & scope based policies
Marek Lindner
mareklindner at neomailbox.ch
Wed Jan 16 06:51:03 EST 2019
On Wednesday, 16 January 2019 19:38:45 HKT Pedro Igor Silva wrote:
> Here it is.

Thanks! The difference between your evaluation test and mine appears to be
that you tested the shared scope.

To summarize:
a) Alice does allow Bob to perform album:view.
b) Alice does not allow Bob to perform album:modify.

When Bob tries to access album:view, I'd expect PERMIT, whereas when
album:modify is attempted, DENY should be the result. Do we agree?

I attached screenshots for both evaluation attempts. Both (view and modify)
yield PERMIT. That should not be the case, or am I missing something?

Regards,
Marek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bob_album_modify.png
Type: image/png
Size: 38115 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20190116/6c3d92dc/attachment-0002.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bob_album_view.png
Type: image/png
Size: 40756 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20190116/6c3d92dc/attachment-0003.png
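
Added example, not part of the original message and not Keycloak code: a minimal deny-by-default model of the per-scope sharing semantics the message expects, plus a check that flags any scope an evaluation permitted without a matching grant. The class and function names, the resource name, the owner-is-always-permitted rule and the "observed" results are assumptions constructed for illustration; it makes no claim about why the evaluation in the thread returned PERMIT.

```python
from dataclasses import dataclass, field

PERMIT, DENY = "PERMIT", "DENY"

@dataclass
class SharedResource:
    """Hypothetical model: a resource whose owner shares single scopes."""
    name: str
    owner: str
    scopes: frozenset                            # scopes the resource defines
    grants: dict = field(default_factory=dict)   # requester -> granted scopes

    def share(self, requester, scope):
        # Refuse to record a grant for a scope the resource does not define.
        if scope not in self.scopes:
            raise ValueError(f"{scope!r} is not a scope of {self.name!r}")
        self.grants.setdefault(requester, set()).add(scope)

def evaluate(resource, requester, scope):
    """Deny by default; permit only the exact scope that was shared."""
    if scope not in resource.scopes:
        return DENY
    if requester == resource.owner:   # assumption: the owner holds every scope
        return PERMIT
    return PERMIT if scope in resource.grants.get(requester, set()) else DENY

def over_permitted(resource, requester, observed):
    """Scopes where an observed decision is PERMIT but the grants say DENY."""
    return sorted(
        scope for scope, decision in observed.items()
        if decision == PERMIT and evaluate(resource, requester, scope) == DENY
    )

# Constructed data mirroring the message: Alice shares only album:view with Bob.
album = SharedResource("Alice's album", "alice",
                       frozenset({"album:view", "album:modify"}))
album.share("bob", "album:view")

# Constructed "observed" decisions matching what both screenshots are said to show.
observed = {"album:view": PERMIT, "album:modify": PERMIT}

if __name__ == "__main__":
    for scope in sorted(album.scopes):
        print(scope, "expected", evaluate(album, "bob", scope),
              "observed", observed[scope])
    print("over-permitted:", over_permitted(album, "bob", observed))
```

Feeding real evaluation results into `over_permitted` in place of the constructed `observed` dictionary turns the expectation stated in the message into a repeatable regression check.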