I am using keycloak and have assigned some global roles (TOUPPER and REVERSE) to a user. The decoded access token looks like this...
{
"jti" : "0a0541f2-9b74-4a41-b862-a20a3cbc2bcb",
"exp" : 1464097823,
"nbf" : 0,
"iat" : 1464097523,
"iss" : "https://my.keycloak.com/auth/realms/TenantA",
"aud" : "test-client",
"sub" : "20974f13-8272-4cd5-a172-5c8de4cdc782",
"typ" : "Bearer",
"azp" : "test-client",
"nonce" : "C_D0xDSCytoFaopJoYZu36BJcb6eMR2Xeg8VGP2nxeQ",
"session_state" : "b625d171-e01d-462c-9d01-d159b9b75635",
"name" : "",
"preferred_username" : "anthony",
"client_session" : "80b0ac34-5ee8-41f2-97da-649cf1abbd81",
"allowed-origins" : [ ],
"realm_access" : {
"roles" : [ "TOUPPER", "REVERSE" ]
},
"resource_access" : { },
"groups" : [ "tenantA/brandA", "tenantA" ]
}
I'm now trying to configure mod_auth_openidc authorization on some url paths based on the roles in the "realm_access"."roles" path of the token. I've tried this configuration...
<Location /glomex-mds-webapp/api/v1/secure/demo/toupper>
AuthType openid-connect
#Require valid-user
Require claim realm_access.roles:TOUPPER
</Location>
This doesn't seem to work though. Is it possible to use json path syntax for claim authorization?
Hello group,Just wanted to let you know that I build a small example [0] thatdemonstrates the usage of Keycloak with mod_auth_oidc [1]with Docker + Apache + PHP.Works like a charm :)Cheers,Thomas
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user