10:39 p.m.
No I have not, however, I continued to dig after sending my original
question.
In the RedHat demo example I mentioned, I modified the SecurityConfig class
to override the resolve() method in the KeycloakConfigResolver bean.
By intercepting the KeycloakDeployment object returned by resolve(), I was
able to log out the value of isUserResourceRoleMappings() and found it to
be set to true no matter what was in my config file. However, in that same
override I am also able to call setUseResourceRoleMappings(false) and
wouldn't you know it, my realm roles worked.
I was using an application.yaml file that looks like this:
keycloak:
auth-server-url: https://auth.example.com/auth
realm: example
public-client: true
resource: my-resource
use-resource-role-mappings: false
However, if i convert it to a standard properties file, the
use-resource-role-mappings property works as expected. So all the
properties in the yaml (or at at least the critical ones) are correctly
read, but use-resource-role-mappings is not.
So, bug? Missing feature? Seems that if any yaml works, it should all work.
Jeff
On Tue, Oct 24, 2017 at 9:57 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
Hi Jeff, out of curiosity, have you tried the quickstarts
https://github.
com/keycloak/keycloak-quickstarts/tree/master ?
On Wed, Oct 25, 2017 at 12:24 AM Jeff Larsen <jlar310(a)gmail.com> wrote:
> We are trying to use keycloak auth on a Spring Boot app as demonstrated on
> this page:
>
> https://developers.redhat.com/blog/2017/05/25/easily-secure-
> your-spring-boot-applications-with-keycloak/
>
> Everything works fine as long as I use client roles. However, our user
> base
> is in Active Directory. We have successfully created a role mapper for the
> realm to convert AD groups to realm roles. However, we can't get the above
> example to work with realm roles. We intend to use the realm roles across
> several clients so we don't want to map them to each client config
> individually.
>
> This documentation:
>
> http://www.keycloak.org/docs/3.2/securing_apps/topics/oidc/
> java/java-adapter-config.html
>
> claims that the property use-resource-role-mappings controls whether
> client
> or realm roles are used. However, whether that property is set to true or
> false we are only seeing client resource roles work in the demo app.
>
> We are using Keycloak 3.2.1.Final and setting the property in Spring as
> keycloak.use-client-role-mappings = false. I'm especially frustrated
> because the docs say it defaults to realm roles if the property is not
> present and we're not seeing that behavior either.
>
> Are we doing something wrong? What are we missing? Maybe a bug?
>
> Thanks,
>
> Jeff
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>