You answered it. I was not familiar with the whole setting list. My
question was: does something in the ui make the setting change or is it a
manual setup?
I think you are saying it is only manual and it is fine.
It would probably best for future version to have all these extra adapter
setting avail. From admin UI so people has the switch/checkbox or input
form to make direct application change to the json
Moreover since you have a download installation button and a json setting
viewer
Le mercredi 16 décembre 2015, Johan Bos <johan.bos(a)c6.eu> a écrit :
oh when you said:
use-resource-role-mappings
it is only available through the keycloak.json
Nothing from Keycloak Admin UI allows you to set the options, so have the installation
file ready with everything ?
Regards,
Johan Bos
Le 16/12/2015 16:33, Johan Bos a écrit :
So it is one or the other.
The switch is at realm level or per clients?
As I tend to make realm role for securing the clients only and
client/resource roles for internal client management, I should be fine
Still It would help to have some merging/mapping so from client we don't
have to so much rely on KeyCloak implementation to test roles... Issue is
that realm role can have same name as client role. But once there is always
some pitfall to avoid.
Thanks
Regards,
Johan Bos
Le 16/12/2015 15:45, Bill Burke a écrit :
See use-resource-role-mappings switch:
If set to true, the getResourceAccess("resource-name") roles will be
mapped into isUserInRole, otherwise getRealmAccess is mapped into
isUserInRole
Not the best I know. We've been meaning to add some sort of role
mapping facility to the adapter.
On 12/16/2015 9:17 AM, Johan Bos wrote:
Why is HttpRequest.isUserInRole(<role>) not capable to return true when
the role is present in the AccessToken.getRealmAccess?
Regards,
Johan Bos
Le 16/12/2015 15:09, Bill Burke a écrit :
AccessToken.getResourceAccess or AccessToken.getRealmAccess
On 12/16/2015 4:51 AM, Tim Dudgeon wrote:
Its not clear to me how you get the assigned roles from the AccessToken.
For instance, is the realm has configured the user to have roles "user"
and "editor" how do I find these in the AccessToken?
Tim
On 07/12/2015 02:53, Bill Burke wrote:
For Java HttpServletRequest.isUserInRole() works. If you typecast the
principal to KeycloakPrincipal you can obtain the AccessToken.
On 12/6/2015 5:39 PM, Pavel Maslov wrote:
Hi everyone,
Do Keycloak adapters support user authorization? I mean, of course
they
do :) For example, the API I have secured with Keycloak receives a
Keycloak access token from the client. How can I validate the token
(check user roles) in my code? I am interested in the Java
(wildfly) and
Javascript adapters.
Manually I am using jwt.io <
http://jwt.io> <
http://jwt.io> to check the
token. I am
just
curious if the Keycloak adapters support smth similar out of the box.
Thank you for your answers.
Regards,
Pavel Maslov, MS
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
<javascript:_e(%7B%7D,'cvml','keycloak-user@lists.jboss.org');>
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
<javascript:_e(%7B%7D,'cvml','keycloak-user@lists.jboss.org');>
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
<javascript:_e(%7B%7D,'cvml','keycloak-user@lists.jboss.org');>
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing listkeycloak-user(a)lists.jboss.org
<javascript:_e(%7B%7D,'cvml','keycloak-user@lists.jboss.org');>https://lists.jboss.org/mailman/listinfo/keycloak-user