<div dir="ltr">It is defined under the application itself, so I it's under the scope. This should be working right?</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jul 29, 2014 at 11:59 AM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">What kind of role is it? Is the new role defined under the<br>
"database-service" application? If not, then you must add this role to<br>
the "database-service"'s scope in the admin console.<br>
<div class=""><br>
On 7/29/2014 10:51 AM, Rodrigo Sasaki wrote:<br>
> Hi,<br>
><br>
> I'm trying to secure a bearer-only application with keycloak, to access<br>
> it with access tokens, but I think I'm missing something.<br>
><br>
> I tried it with the database-service of the unconfigured demo.<br>
><br>
> 1. I created the user role in the application.<br>
> 2. I assigned that role to my user<br>
> 3. I copied the contents of the installation json to<br>
</div>> *webapp/META-INF/keycloak.json*<br>
<div class="">><br>
> {<br>
> "realm": "demo",<br>
> "realm-public-key":<br>
> "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwRayjzh7W+EfPaeSdyXWLyXof7c3fwD7vb0AEtG+ogLHtMkYiTdX9y/JXOmXwWDzGhx7NM3Q6vkCG0F3lZqOVsSlYH56c5+Ev4QmSGK/+6e+WcZMcgmscoz1OoXKom4+pzqMey42hqdwwMhkvCq/jxJSmUGnZJQuqEKVH00NZ1wIDAQAB",<br>
> "bearer-only": true,<br>
> "ssl-not-required": true,<br>
> "resource": "database-service",<br>
> "use-resource-role-mappings": true<br>
> }<br>
><br>
</div>> 4. Set the auth-method to *KEYCLOAK* on web.xml<br>
> 5. Started the server deploying the *database-service*<br>
> 6. Generated a token using *security-admin-console* client_id and my user<br>
> 7. Submitted a GET request to /localhost:8080/database/customers/<br>
<div class="">><br>
> After these steps I get a 403 error, saying that I'm not authorized to<br>
> access the resource, wasn't this supposed to work?<br>
><br>
> --<br>
> Rodrigo Sasaki<br>
><br>
><br>
</div>> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><font face="Times New Roman">Rodrigo Sasaki</font><div></div></div>
</div>