curl -X POST \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "client_id=admin-cli&username=admin&password=xxx&grant_type=password" \
  https://keycloak.fin.uniquedomain/auth/realms/master/protocol/openid-connect/token | jq
I am using the access_token as bearer token in the ADMIN REST interface:
curl -v -X POST \
  -H "Content-Type:application/json" \
  -H 'Authorization: bearer xxxxx' \
  -d '{
    "clientId": "test_client",
    "name": "test_client",
    "rootUrl": "",
    "adminUrl": "",
    "surrogateAuthRequired": false,
    "enabled": true,
    "clientAuthenticatorType": "client-secret",
    "redirectUris": [
      "/*"
    ],
    "webOrigins": [
      "/*"
    ],
    "notBefore": 0,
    "bearerOnly": false,
    "consentRequired": false,
    "standardFlowEnabled": true,
    "implicitFlowEnabled": false,
    "directAccessGrantsEnabled": true,
    "serviceAccountsEnabled": true,
    "authorizationServicesEnabled": true,
    "publicClient": false,
    "frontchannelLogout": false,
    "protocol": "openid-connect",
    "fullScopeAllowed": true,
    "authorizationSettings": {
      "allowRemoteResourceManagement": true,
      "policyEnforcementMode": "ENFORCING",
      "resources": [
        {
          "name": "Default Resource",
          "uri": "/*",
          "type": "urn:test_client:resources:default",
          "typedScopes": []
        }
      ],
      "policies": [
        {
          "name": "Default Policy",
          "description": "A policy that grants access only for users within this realm",
          "type": "js",
          "logic": "POSITIVE",
          "decisionStrategy": "AFFIRMATIVE",
          "config": {
            "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
          }
        },
        {
          "name": "Default Permission",
          "description": "A permission that applies to the default resource type",
          "type": "resource",
          "logic": "POSITIVE",
          "decisionStrategy": "UNANIMOUS",
          "config": {
            "defaultResourceType": "urn:test_client:resources:default",
            "default": "true",
            "applyPolicies": "[\"Default Policy\"]"
          }
        }
      ],
      "scopes": []
    }
  }' \
  https://keycloak.fin.uniquedomain/auth/admin/realms/myrealm/clients
The client is added correctly, and it is now a resource with the authZ
resources and permissions, but under Authorization - Settings, Remote
Resource Management is still off.
On 09.03.2017 at 12:49 PM, "Pedro Igor Silva" <psilva(a)redhat.com> wrote:
What are you using to call the API?
On Thu, Mar 9, 2017 at 7:17 AM, Sven Thoms <sven.thoms(a)gmail.com> wrote:
> Both on the POST and PUT for client, with authorizationservicesenabled set
> to true, I cannot set
>
> allowRemoteResourceManagement
>
> to true. It is as if the Admin REST interface just ignores that setting.
>
> Can anyone confirm and possibly explain, please?
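An added illustration, not part of the original thread or of Keycloak: one way to catch the symptom reported in the first message, where a submitted setting is accepted but not stored, is to diff the JSON that was sent against a read-back of the stored configuration. The function name and both sample documents are constructed for this example; how the read-back is fetched is left to the caller.

```python
def ignored_settings(submitted, stored, path=""):
    """Return (path, reason) for every submitted value the stored copy lacks or changed.

    Fields that exist only in `stored` (server-generated ids, defaults) are not reported.
    """
    findings = []
    if isinstance(submitted, dict):
        if not isinstance(stored, dict):
            return [(path or "<root>", "missing")]
        for key, want in submitted.items():
            child = f"{path}.{key}" if path else key
            if key not in stored:
                findings.append((child, "missing"))
            else:
                findings.extend(ignored_settings(want, stored[key], child))
    elif isinstance(submitted, list) and submitted and all(
            isinstance(i, dict) and "name" in i for i in submitted):
        # Lists of named objects (resources, policies) are matched by "name", not position.
        by_name = ({i["name"]: i for i in stored if isinstance(i, dict) and "name" in i}
                   if isinstance(stored, list) else {})
        for item in submitted:
            child = f"{path}[{item['name']}]"
            if item["name"] not in by_name:
                findings.append((child, "missing"))
            else:
                findings.extend(ignored_settings(item, by_name[item["name"]], child))
    elif submitted != stored:
        findings.append((path, f"sent {submitted!r}, stored {stored!r}"))
    return findings

# Constructed sample: a subset of the payload posted in the message above.
SUBMITTED = {"clientId": "test_client", "authorizationServicesEnabled": True,
             "authorizationSettings": {"allowRemoteResourceManagement": True,
                                       "policyEnforcementMode": "ENFORCING",
                                       "resources": [{"name": "Default Resource", "uri": "/*"}]}}
# Constructed read-back mirroring the reported symptom (not real server output).
STORED = {"clientId": "test_client", "authorizationServicesEnabled": True,
          "authorizationSettings": {"allowRemoteResourceManagement": False,
                                    "policyEnforcementMode": "ENFORCING",
                                    "resources": [{"name": "Default Resource", "uri": "/*",
                                                   "_id": "constructed-id"}]}}

if __name__ == "__main__":
    for where, what in ignored_settings(SUBMITTED, STORED):
        print(f"{where}: {what}")
```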