Hi Pedro,
Did you check item (1) as described below? Is that a bug?
Ori.
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org>
On Behalf Of Ori Doolman
Sent: Sunday, June 16, 2019 1:39 PM
To: Pedro Igor Silva <psilva(a)redhat.com>; Rafael Tovar. <rafatov10(a)gmail.com>
Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: Re: [keycloak-user] authorizationSettings not in response
Pedro,
Please ignore 2nd question. It seems to work well with partial name after all.
So only the first one remains - is that a bug?
Ori.
________________________________
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org>
on behalf of Ori Doolman <Ori.Doolman(a)cyberark.com>
Sent: Sunday, June 16, 2019 1:04 PM
To: Pedro Igor Silva; Rafael Tovar.
Cc: keycloak-user
Subject: Re: [keycloak-user] authorizationSettings not in response
Pedro,
When I call the authz/resource-server/settings endpoint, I get the full list of all
entities.
That works great if I later want to update the settings using the
/authz/resource-server/import endpoint.
But /settings might become too big and I only want to update my permissions (specific
ones, actually).
Hence, I call the /policy endpoint.
But then I get partial entity information for the scope-based permission, not similar to
the one I get with /settings. The "config" object data is missing.
1) Is that a bug? You can see below both payloads.
2) Can I filter permissions by name contains "mySubstring" ? Seems that /search
does not support that but only exact name match by /search?name="name"
Here is /settings call:
"policies": [
  {
    "id": "a10db0d8-993a-4f34-9082-350033ed8dff",
    "name": "set-03",
    "type": "scope",
    "logic": "POSITIVE",
    "decisionStrategy": "UNANIMOUS",
    "config": {
      "resources": "[\"set-01\"]",
      "scopes": "[\"read\",\"write\"]",
      "applyPolicies": "[\"userPolicy\"]"
    }
  }
Here is what I get from /policy endpoint:
{
  "id": "a10db0d8-993a-4f34-9082-350033ed8dff",
  "name": "set-03",
  "type": "scope",
  "logic": "POSITIVE",
  "decisionStrategy": "UNANIMOUS",
  "config": {}
}
________________________________
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org>
on behalf of Ori Doolman <Ori.Doolman(a)cyberark.com>
Sent: Thursday, June 6, 2019 4:22 PM
To: Pedro Igor Silva; Rafael Tovar.
Cc: keycloak-user
Subject: Re: [keycloak-user] authorizationSettings not in response
Great. I was looking for that as well. I don't think it is documented.
How do you manipulate the authorization entities by REST API?
For example, add a resource or a scope, modify policy etc.
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org>
On Behalf Of Pedro Igor Silva
Sent: Thursday, June 6, 2019 3:43 PM
To: Rafael Tovar. <rafatov10(a)gmail.com>
Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: Re: [keycloak-user] authorizationSettings not in response
Hi,
Please, append the following path to your URI: "/authz/resource-server/settings".
Regards.
Pedro Igor
On Thu, Jun 6, 2019 at 8:41 AM Rafael Tovar. <rafatov10(a)gmail.com> wrote:
Hi everybody,
I'm trying to get the authorization settings of a client, but it's not
coming in the response of the request.
This is the request I'm doing:
http://localhost:8080/auth/admin/realms/master/clients/c8e32bbc-72e6-4c30-827f-41ee51980433/
and this is the response:
{
  "id": "c8e32bbc-72e6-4c30-827f-41ee51980433",
  "clientId": "api",
  "surrogateAuthRequired": false,
  "enabled": true,
  "clientAuthenticatorType": "client-secret",
  "redirectUris": [
    "*"
  ],
  "webOrigins": [],
  "notBefore": 0,
  "bearerOnly": false,
  "consentRequired": false,
  "standardFlowEnabled": true,
  "implicitFlowEnabled": false,
  "directAccessGrantsEnabled": true,
  "serviceAccountsEnabled": true,
  "authorizationServicesEnabled": true,
  "publicClient": false,
  "frontchannelLogout": false,
  "protocol": "openid-connect",
  "attributes": {
    "saml.assertion.signature": "false",
    "saml.force.post.binding": "false",
    "saml.multivalued.roles": "false",
    "saml.encrypt": "false",
    "saml.server.signature": "false",
    "saml.server.signature.keyinfo.ext": "false",
    "exclude.session.state.from.auth.response": "false",
    "saml_force_name_id_format": "false",
    "saml.client.signature": "false",
    "tls.client.certificate.bound.access.tokens": "false",
    "saml.authnstatement": "false",
    "display.on.consent.screen": "false",
    "saml.onetimeuse.condition": "false"
  },
  "authenticationFlowBindingOverrides": {},
  "fullScopeAllowed": true,
  "nodeReRegistrationTimeout": -1,
  "protocolMappers": [
    {
      "id": "97330e11-24df-40ce-9335-51d5126d4059",
      "name": "Client Host",
      "protocol": "openid-connect",
      "protocolMapper": "oidc-usersessionmodel-note-mapper",
      "consentRequired": false,
      "config": {
        "user.session.note": "clientHost",
        "id.token.claim": "true",
        "access.token.claim": "true",
        "claim.name": "clientHost",
        "jsonType.label": "String"
      }
    },
    {
      "id": "9e45c71d-63f9-4d15-a3b2-e8064a569041",
      "name": "Client ID",
      "protocol": "openid-connect",
      "protocolMapper": "oidc-usersessionmodel-note-mapper",
      "consentRequired": false,
      "config": {
        "user.session.note": "clientId",
        "id.token.claim": "true",
        "access.token.claim": "true",
        "claim.name": "clientId",
        "jsonType.label": "String"
      }
    },
    {
      "id": "1e3f6604-a22e-4b0b-b5d8-ffaa501c142f",
      "name": "Client IP Address",
      "protocol": "openid-connect",
      "protocolMapper": "oidc-usersessionmodel-note-mapper",
      "consentRequired": false,
      "config": {
        "user.session.note": "clientAddress",
        "id.token.claim": "true",
        "access.token.claim": "true",
        "claim.name": "clientAddress",
        "jsonType.label": "String"
      }
    }
  ],
  "defaultClientScopes": [
    "web-origins",
    "role_list",
    "profile",
    "roles",
    "email"
  ],
  "optionalClientScopes": [
    "address",
    "phone",
    "offline_access",
    "microprofile-jwt"
  ],
  "access": {
    "view": true,
    "configure": true,
    "manage": true
  }
}
Thanks,
Rafael.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
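
Added example (not part of the original thread and not Keycloak project code): an offline check over the two payload shapes quoted above. It selects permissions from a /settings export by partial name, decodes the "config" values that are JSON arrays serialized as strings, and reports which associations the /policy representation lacks. The second policy entry, the "users" config key and the set of permission types are assumptions made for the sample.

```python
import json

# Constructed sample data modelled on the two payloads quoted in the thread.
PERMISSION = {"id": "a10db0d8-993a-4f34-9082-350033ed8dff", "name": "set-03",
              "type": "scope", "logic": "POSITIVE",
              "decisionStrategy": "UNANIMOUS"}
SETTINGS = {"policies": [
    dict(PERMISSION, config={"resources": "[\"set-01\"]",
                             "scopes": "[\"read\",\"write\"]",
                             "applyPolicies": "[\"userPolicy\"]"}),
    # Constructed second entry: the policy that the permission applies.
    {"id": "00000000-0000-0000-0000-000000000001", "name": "userPolicy",
     "type": "user", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS",
     "config": {"users": "[\"alice\"]"}},
]}
POLICY_LISTING = [dict(PERMISSION, config={})]  # shape returned by /policy

# Assumption: permissions are the entries whose type is "scope" or "resource".
PERMISSION_TYPES = {"scope", "resource"}


def decode_config(policy):
    """Parse config values that are JSON arrays serialized as strings."""
    decoded = {}
    for key, value in policy.get("config", {}).items():
        is_array = isinstance(value, str) and value.lstrip().startswith("[")
        decoded[key] = json.loads(value) if is_array else value
    return decoded


def permissions_matching(settings, substring):
    """Permissions in a /settings export whose name contains substring."""
    return [p for p in settings.get("policies", [])
            if p.get("type") in PERMISSION_TYPES
            and substring in p.get("name", "")]


def lost_associations(settings, policy_listing):
    """Per permission, config keys present in /settings but absent in /policy."""
    listed = {p["id"]: p.get("config", {}) for p in policy_listing}
    report = {}
    for perm in settings.get("policies", []):
        if perm.get("type") in PERMISSION_TYPES and perm["id"] in listed:
            missing = sorted(set(decode_config(perm)) - set(listed[perm["id"]]))
            if missing:
                report[perm["name"]] = missing
    return report
```

A non-empty report means the /policy representation alone does not describe which resources, scopes and policies a permission binds, so it should not be treated as the full permission when reviewing or rebuilding authorization settings.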