I encountered this late last week and created a JIRA for it, but in
retrospect I should probably have brought it up on the list as well.
https://issues.jboss.org/browse/KEYCLOAK-8134
Briefly, for a UMA 2.0 managed realm, I am seeing inconsistent behavior
when getting an RPT. When I request an RPT for the uma grant type
(urn:ietf:params:oauth:grant-type:uma-ticket) the policy/permissions are
not evaluated unless I specify some combination of resources/scopes for the
permission parameter(s).
I was expecting an unfiltered RPT to come back with permissions that are
specifically granted by policy as well as those granted by UMA2. As it is,
I have worked around it by specifying all of the "scope permissions'"
scopes (without resources) in the permission params, e.g.
...&permission=#edit&permission=#view&permission=#owner
I am encountering this on 4.1.0.Final and it appears to be present in
latest (4.3.0.Final).
Is this expected behavior?
--
Gary Schulte | Software Engineer
OpenGov
505-750-4279
gary.schulte(a)opengov.com
www.opengov.com
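An added example, not part of the original message or of Keycloak's code: it builds the form body for the unfiltered request and for the scope-only workaround described above, then diffs the `authorization.permissions` claim of the two RPTs that come back. The audience `resource-server`, the resource names and both tokens are constructed placeholders, and the tokens are unsigned.

```python
import base64
import json
from urllib.parse import urlencode

UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"

def rpt_request_body(audience, permissions=()):
    """Form body for the token endpoint; each permission is 'resource#scope'
    ('#scope' alone means scope without resource). '#' is sent as %23."""
    params = [("grant_type", UMA_GRANT), ("audience", audience)]
    params += [("permission", p) for p in permissions]
    return urlencode(params)

def rpt_permissions(rpt):
    """Map resource name -> granted scopes from an RPT's payload.
    Reads claims only; the signature is NOT verified here."""
    payload = rpt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    granted = {}
    for perm in claims.get("authorization", {}).get("permissions", []):
        name = perm.get("rsname", perm.get("rsid"))
        granted.setdefault(name, set()).update(perm.get("scopes", []))
    return granted

def missing_grants(reference_rpt, candidate_rpt):
    """Scopes present in reference_rpt but absent from candidate_rpt."""
    ref, cand = rpt_permissions(reference_rpt), rpt_permissions(candidate_rpt)
    diff = {r: s - cand.get(r, set()) for r, s in ref.items()}
    return {r: s for r, s in diff.items() if s}

def fake_rpt(permissions):
    """Constructed, unsigned sample token (not captured from a server)."""
    enc = lambda o: base64.urlsafe_b64encode(
        json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}),
                     enc({"authorization": {"permissions": permissions}}), ""])

# Constructed sample data: hypothetical resources doc-1 and doc-2.
FILTERED = fake_rpt([{"rsname": "doc-1", "scopes": ["edit", "view"]},
                     {"rsname": "doc-2", "scopes": ["owner"]}])
UNFILTERED = fake_rpt([{"rsname": "doc-1", "scopes": ["view"]}])

if __name__ == "__main__":
    print(rpt_request_body("resource-server"))
    print(rpt_request_body("resource-server", ["#edit", "#view", "#owner"]))
    print(missing_grants(FILTERED, UNFILTERED))
```

An empty result from `missing_grants` means the unfiltered RPT carries every grant that the scope-filtered one does.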