Re: [keycloak-user] Authorization: Upgrading to keycloak 4.4 results in {"error":"invalid_scope", "error_description":"Requires uma_protection scope."}

Please, check if your client is granted with a "uma_protection" client role. I think client roles were not being exported correctly and we fixed that in the latest release. On Thu, Oct 4, 2018 at 11:12 AM Bruce Wings <testoauth55(a)gmail.com&gt; wrote: > I have upgraded from keycloak 4.3 to keycloak 4.4. I ahve exported the > realm from 4.3 and imported in 4.4. > > The "policy-enforcer": {} in keycloak.json results in *403 > : {"error":"invalid_scope","error_description":"Requires uma_protection > scope."}* > > In keycloak 4.3 everything works fine. I have exported realm and used with > keycloak 4.4, but the policy-enforcer does not work. Is there some extra > step that is needed apart from exporting and importing json? > If I remove policy-enforcer line the app works fine. > > *APP code:* > final String KEYCLOAK_JSON = //json path; > InputStream config = > > Thread.currentThread().getContextClassLoader().getResourceAsStream(KEYCLOAK_JSON); > KeycloakInstalled keycloak = new KeycloakInstalled(config); > > > > *Stack trace thrown at the time of starting app:* > > java.lang.RuntimeException: Could not find resource > Logged in... > at > > org.keycloak.authorization.client.util.Throwables.handleWrapException(Throwables.java:45) > at > > org.keycloak.authorization.client.resource.ProtectedResource.findAll(ProtectedResource.java:228) > at > > org.keycloak.adapters.authorization.PolicyEnforcer.configureAllPathsForResourceServer(PolicyEnforcer.java:225) > at > > org.keycloak.adapters.authorization.PolicyEnforcer.configurePaths(PolicyEnforcer.java:157) > at > > org.keycloak.adapters.authorization.PolicyEnforcer.<init>(PolicyEnforcer.java:77) > at > > org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(KeycloakDeploymentBuilder.java:143) > at > > org.keycloak.adapters.KeycloakDeploymentBuilder.build(KeycloakDeploymentBuilder.java:152) > at > > org.keycloak.adapters.installed.KeycloakInstalled.<init>(KeycloakInstalled.java:94) > at > > com.cadence.adw.common.auth.AuthenticationTest.main(AuthenticationTest.java:138) > Caused by: org.keycloak.authorization.client.AuthorizationDeniedException: > org.keycloak.authorization.client.util.HttpResponseException: Unexpected > response from server: 403 / Forbidden / Response from server: > {"error":"invalid_scope","error_description":"Requires uma_protection > scope."} > at > > org.keycloak.authorization.client.util.Throwables.handleAndWrapHttpResponseException(Throwables.java:96) > at > > org.keycloak.authorization.client.util.Throwables.handleWrapException(Throwables.java:42) > at > > org.keycloak.authorization.client.util.Throwables.retryAndWrapExceptionIfNecessary(Throwables.java:87) > at > > org.keycloak.authorization.client.resource.ProtectedResource.find(ProtectedResource.java:181) > at > > org.keycloak.authorization.client.resource.ProtectedResource.findAll(ProtectedResource.java:226) > ... 7 more > Caused by: org.keycloak.authorization.client.util.HttpResponseException: > Unexpected response from server: 403 / Forbidden / Response from server: > {"error":"invalid_scope","error_description":"Requires uma_protection > scope."} > at > > org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:95) > at > > org.keycloak.authorization.client.util.HttpMethodResponse$2.execute(HttpMethodResponse.java:50) > at > > org.keycloak.authorization.client.resource.ProtectedResource$4.call(ProtectedResource.java:175) > at > > org.keycloak.authorization.client.resource.ProtectedResource$4.call(ProtectedResource.java:172) > at > > org.keycloak.authorization.client.resource.ProtectedResource.find(ProtectedResource.java:179) > ... 8 more > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user >