Thanks for the bug report, something is indeed going wrong with this
property. Just a side note: in my blog post I use Realm Roles, not Client
Roles as you suggest.
On Wed, Oct 25, 2017 at 6:14 AM, Jeff Larsen <jlar310(a)gmail.com> wrote:
I filed a bug report:
https://issues.jboss.org/browse/KEYCLOAK-5743
On Tue, Oct 24, 2017 at 10:45 PM, Jeff Larsen <jlar310(a)gmail.com> wrote:
> One last follow-up. If I hack my yaml and use the fully qualified form
>
> keycloak.use-resource-role-mappings: false
>
> It works. Go figure.
>
> On Tue, Oct 24, 2017 at 10:39 PM, Jeff Larsen <jlar310(a)gmail.com> wrote:
>
>> No I have not, however, I continued to dig after sending my original
>> question.
>>
>> In the RedHat demo example I mentioned, I modified the SecurityConfig
>> class to override the resolve() method in the KeycloakConfigResolver
>> bean.
>>
>> By intercepting the KeycloakDeployment object returned by resolve(), I
>> was able to log out the value of isUseResourceRoleMappings() and found
>> it to be set to true no matter what was in my config file. However, in
>> that same override I am also able to call setUseResourceRoleMappings(false)
>> and wouldn't you know it, my realm roles worked.
>>
>> I was using an application.yaml file that looks like this:
>>
>> keycloak:
>>   auth-server-url: https://auth.example.com/auth
>>   realm: example
>>   public-client: true
>>   resource: my-resource
>>   use-resource-role-mappings: false
>>
>> However, if I convert it to a standard properties file, the
>> use-resource-role-mappings property works as expected. So all the
>> properties in the yaml (or at least the critical ones) are correctly
>> read, but use-resource-role-mappings is not.
>>
>> So, bug? Missing feature? Seems that if any yaml works, it should all
>> work.
>>
>> Jeff
>>
>> On Tue, Oct 24, 2017 at 9:57 PM, Bruno Oliveira <bruno(a)abstractj.org>
>> wrote:
>>
>>> Hi Jeff, out of curiosity, have you tried the quickstarts
>>> https://github.com/keycloak/keycloak-quickstarts/tree/master ?
>>>
>>> On Wed, Oct 25, 2017 at 12:24 AM Jeff Larsen <jlar310(a)gmail.com> wrote:
>>>
>>>> We are trying to use keycloak auth on a Spring Boot app as demonstrated
>>>> on this page:
>>>>
>>>> https://developers.redhat.com/blog/2017/05/25/easily-secure-your-spring-boot-applications-with-keycloak/
>>>>
>>>> Everything works fine as long as I use client roles. However, our user
>>>> base is in Active Directory. We have successfully created a role mapper
>>>> for the realm to convert AD groups to realm roles. However, we can't get
>>>> the above example to work with realm roles. We intend to use the realm
>>>> roles across several clients so we don't want to map them to each client
>>>> config individually.
>>>>
>>>> This documentation:
>>>>
>>>> http://www.keycloak.org/docs/3.2/securing_apps/topics/oidc/java/java-adapter-config.html
>>>>
>>>> claims that the property use-resource-role-mappings controls whether
>>>> client or realm roles are used. However, whether that property is set to
>>>> true or false we are only seeing client resource roles work in the demo
>>>> app.
>>>>
>>>> We are using Keycloak 3.2.1.Final and setting the property in Spring as
>>>> keycloak.use-client-role-mappings = false. I'm especially frustrated
>>>> because the docs say it defaults to realm roles if the property is not
>>>> present and we're not seeing that behavior either.
>>>>
>>>> Are we doing something wrong? What are we missing? Maybe a bug?
>>>>
>>>> Thanks,
>>>>
>>>> Jeff
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user(a)lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>
>
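Added example (not part of the thread and not Keycloak's own code): a small diagnostic showing which roles an adapter would see from the same access token under each value of use-resource-role-mappings, following the rule in the documentation cited above. The claim names realm_access and resource_access are Keycloak's access-token layout; the sample token, user and role names are constructed, and the payload is decoded without signature verification, which is acceptable only for inspection.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """Base64url-encode without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def effective_roles(claims: dict, resource: str, use_resource_role_mappings: bool) -> set:
    """Roles the application sees, per the documented meaning of the flag:
    true  -> client roles under resource_access[<resource>]
    false -> realm roles under realm_access
    """
    if use_resource_role_mappings:
        access = claims.get("resource_access", {}).get(resource)
    else:
        access = claims.get("realm_access")
    return set((access or {}).get("roles", []))


# Constructed sample: a user whose AD group was mapped to the realm role
# "staff" and who has no client roles on "my-resource".
SAMPLE_CLAIMS = {
    "preferred_username": "jdoe",
    "realm_access": {"roles": ["staff"]},
    "resource_access": {"account": {"roles": ["view-profile"]}},
}
SAMPLE_TOKEN = ".".join([
    b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    b64url(json.dumps(SAMPLE_CLAIMS).encode()),
    b64url(b"constructed-signature"),
])

if __name__ == "__main__":
    claims = jwt_claims(SAMPLE_TOKEN)
    for flag in (False, True):
        roles = sorted(effective_roles(claims, "my-resource", flag))
        print(f"use-resource-role-mappings={flag}: {roles}")
```

With the flag stuck at true, the realm role never reaches the application, which matches the symptom reported in the thread: the token is fine, but every role check on a realm role fails.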