[keycloak-user] Authz - Problem stacking entitlmenets

Hi I am trying to stack all permissions from two different confidential clients via entitelments API. Steps: 1. Get access token for public client 2. Get entitlements for client 1: Authorization: Bearer access_token grant_type: urn:ietf:params:oauth:grant-type:uma-ticket audience: client1 Returns RPT with all resources owned by user on client1. Works as expected. 3. Get entitlements for client 2 Authorization: Bearer access_token grant_type: urn:ietf:params:oauth:grant-type:uma-ticket audience: client2 rpt: {{rpt from step 2}} Response: forbidden 403 {     "error": "access_denied",     "error_description": "not_authorized" } If I remove rpt parameter I get all permissions for client 2 as expected. What is the reason for 403? Why would rpt param result in 403, isn't it is supposed to be there just to stack additional permissions? Must be some additional checks which I am not aware of. What are they? reference doc: https://www.keycloak.org/docs/4.6/authorization_services/#_service_obtain... Best regards