We have a web application which uses keycloak as its authentication server. Currently, we have enabled keycloak only at our client side which is an angular code. We would like to enable the keycloak security for our rest services as well. So we did the following,

1. Created a new client in our realm for backend services with access type "bearer-only".

2. Configured keycloak adapter in wildfly where our backend rest services are deployed.

3. Added keycloak.json file of backend services client.

4. Logged into our application through our angular client and got the token.

5. Tried accessing the backend rest api with the access token sent as part of header as below.

Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJiMjc0ZTY3My0yOTg1LTQwNmEtOWE0YS1...

Getting 403 Forbidden access error while invoking the rest service even though the user has the required roles set. Please help us in resolving the issue.

Regards,

Ganga Lakshmanasamy