Hello all!

I'm trying to follow the tutorial for the oAuth2 plugin [1] but I had some issues.

The authentication policy worked fine! After adding the second policy (Authorization) I get the following response error

HTTP/1.1 500 Internal Server Error
Connection: keep-alive
Content-Length: 238
Content-Type: application/json
Date: Tue, 25 Aug 2015 21:12:31 GMT
Server: WildFly/8
X-Policy-Failure-Code: 10010
X-Policy-Failure-Message: No roles have been extracted during authentication. Make sure the authorization policy comes *after* a compatible authentication policy in your configuration.
X-Policy-Failure-Type: Other
X-Powered-By: Undertow/1

{
"failureCode": 10010,
"headers": {},
"message": "No roles have been extracted during authentication. Make sure the authorization policy comes *after* a compatible authentication policy in your configuration.",
"responseCode": 0,
"type": "Other"
}

but my JWT access_token appears to be right. I mean, I can see the roles in it. See my access_toke decoded:

{
"preferred_username": "rincewind",
"name": "",
"resource_access": {
"account": {
"roles": [
"manage-account",
"view-profile"
]
}
},
"realm_access": {
"roles": [
"echomeister"
]
},
"allowed-origins": [],
"client_session": "b25536e6-4331-46fd-afe1-b0adf766b533",
"session_state": "213e75e1-bf8b-4f0c-808e-683fb3a4c1de",
"jti": "43c59d9a-b659-4708-a1da-968ea23004d7",
"exp": 1440536956,
"nbf": 0,
"iat": 1440536656,
"iss": "http://127.0.0.1:8080/auth/realms/stottie",
"aud": "apiman",
"sub": "de4af322-85b2-4dbe-8d53-6a2ee29e4080",
"azp": "apiman"
}

As you can see the "echomeister" realm_role is there...

What this response message means?

[1] http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html

________________________
Rafael Torres Coelho Soares