tokenParsed can help upto some extent, but in keycloak autorization we can
create different kind of policies like Role,Javascript, Client, Time, User,
Aggregated, Group. A policy is a condition if it evaluates to true access
allowed. If we implement this conditions at client side it requires lot of
efforts and
these conditions are hard coded, if i want to change the condition again i
need to do code change and deploy again. but in keycloak I can go to admin
console and change the rule, so whenever token is refreshed new condition
can be applied.
On Fri, Jan 4, 2019 at 2:53 PM Alex Chatziparaskewas <
alex.chatziparaskewas(a)trapezegroup.com> wrote:
Hi Hari,
So, have a look into the ‘tokenParsed’ attribute and let me know if it
helped you (we might need the same at some point in time).
Thanks & Regards,
Alex
No, it is not related to remember me.
When i saw you question I thought you already working on javascript
adapter and can help me.
On Fri, Jan 4, 2019 at 2:35 PM Alex Chatziparaskewas <
alex.chatziparaskewas(a)trapezegroup.com> wrote:
Hi Hari,
Nope, we are not using roles. Once a user is authenticated he is as well
fully authorised. Anyhow, although we have not gone down that path yet,
check the ‘tokenParsed’ attribute of the keycloak instance object (just log
them for starters). It shows some information about access/resource roles
associated with the current user.
Question from my side: has this anything to do with my original question
about updating the ‘remember me’ session?
Thanks & Regards,
Alex
Hi *Alex Chatziparaskewas,*
*Thanks for your reply.*
*I am not asking about authentication part, in am asking about
authorization part.*
*For example i want to enable access for a URI(mypoject/test-resource) to
users who have ROLE 'TEST' ,in the keycloak i can do that in Authorization
tab*
*of a myclient.*
That means when a user is logged in he can access URI '
*mypoject/test-resource*' only if he has ROLE 'TEST' other wise will be
given error saying access denied.
This settings working fine with backend applications like java
webapps/springboot apps, but not working with javascript/Angular apps. If
you know how to make it work or have sample project let me know.
On Fri, Jan 4, 2019 at 12:18 PM Alex Chatziparaskewas <
alex.chatziparaskewas(a)trapezegroup.com> wrote:
Hi Hari,
On the server side the resources are protected by a keycloak gatekeeper
proxy instance, e.g. our server (at this time) is unaware of security
aspects. On the client side the login process goes past keycloak’s login
and registration pages, i.e. the javascript adapter initialises, attempts
authentication (redirects to login page if unsuccessful) and then does a
periodic updateToken.
Thanks & Regards,
Alex
Hi *Alex Chatziparaskewas,*
*i know you are using javascript adapter for authentication(for login),
can we use javascript adapter for authorization also like resource
protection.*
--
Thanks & Regards,
Hari Prasad N
Senior Software Engineer
-------------------------------------------------
Ramyam Intelligence Lab Pvt. Ltd.,
Part of Arvato
3rd & 5th Floors, Mithra Towers, 10/4, Kasturba Road,
Bangalore – 560001, Karnataka, India.
Phone: +91 80 67269266
Mobile: +91 7022156319
E-Mail: *hariprasad.n**(a)ramyamlab.co <
http://ramyamlab.co>m*
*www.ramyamlab.com* <
http://www.ramyamlab.com/>
--
Thanks & Regards,
Hari Prasad N
Senior Software Engineer
-------------------------------------------------
Ramyam Intelligence Lab Pvt. Ltd.,
Part of Arvato
3rd & 5th Floors, Mithra Towers, 10/4, Kasturba Road,
Bangalore – 560001, Karnataka, India.
Phone: +91 80 67269266
Mobile: +91 7022156319
E-Mail: *hariprasad.n**(a)ramyamlab.co <
http://ramyamlab.co>m*
*www.ramyamlab.com* <
http://www.ramyamlab.com/>
--
Thanks & Regards,
Hari Prasad N
Senior Software Engineer
-------------------------------------------------
Ramyam Intelligence Lab Pvt. Ltd.,
Part of Arvato
3rd & 5th Floors, Mithra Towers, 10/4, Kasturba Road,
Bangalore – 560001, Karnataka, India.
Phone: +91 80 67269266
Mobile: +91 7022156319
E-Mail: *hariprasad.n**(a)ramyamlab.co <
http://ramyamlab.co>m*
*www.ramyamlab.com* <
http://www.ramyamlab.com/>
--
Thanks & Regards,
Hari Prasad N
Senior Software Engineer
-------------------------------------------------
Ramyam Intelligence Lab Pvt. Ltd.,
Part of Arvato
3rd & 5th Floors, Mithra Towers, 10/4, Kasturba Road,
Bangalore – 560001, Karnataka, India.
Phone: +91 80 67269266
Mobile: +91 7022156319
E-Mail: *hariprasad.n(a)ramyamlab.co <