Re: [keycloak-user] Using Keycloak with Apache and mod_auth_oidc

>>>

I am using keycloak and have assigned some global roles (TOUPPER and REVERSE) to a user. The decoded access token looks like this... { "jti" : "0a0541f2-9b74-4a41-b862-a20a3cbc2bcb", "exp" : 1464097823, "nbf" : 0, "iat" : 1464097523, "iss" : "https://my.keycloak.com/auth/realms/T <https://keycloak.cyberavenue.com.au/auth/realms/Glomex>enantA";, "aud" : "test-client", "sub" : "20974f13-8272-4cd5-a172-5c8de4cdc782", "typ" : "Bearer", "azp" : "test-client", "nonce" : "C_D0xDSCytoFaopJoYZu36BJcb6eMR2Xeg8VGP2nxeQ", "session_state" : "b625d171-e01d-462c-9d01-d159b9b75635", "name" : "", "preferred_username" : "anthony", "client_session" : "80b0ac34-5ee8-41f2-97da-649cf1abbd81", "allowed-origins" : [ ], "realm_access" : { "roles" : [ "TOUPPER", "REVERSE" ] }, "resource_access" : { }, "groups" : [ "tenantA/brandA", "tenantA" ] } I'm now trying to configure mod_auth_openidc authorization on some url paths based on the roles in the "realm_access"."roles" path of the token. I've tried this configuration... <Location /glomex-mds-webapp/api/v1/secure/demo/toupper> AuthType openid-connect #Require valid-user Require claim realm_access.roles:TOUPPER </Location> This doesn't seem to work though. Is it possible to use json path syntax for claim authorization?

Hello group, Just wanted to let you know that I build a small example [0] that demonstrates the usage of Keycloak with mod_auth_oidc [1] with Docker + Apache + PHP. Works like a charm :) Cheers, Thomas [0] https://github.com/thomasdarimont/keycloak_mod_auth_oidc_example [1] https://github.com/pingidentity/mod_auth_openidc _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user