Hi,

I'm trying to switch realm-level to application-level roles with no success. To isolate the issue i decided to try on the example customer-app and database-service applications and see how it goes. No luck again.

Here is what i do and fails:

1. I'm using keycloak 1.2.0.Final

2. I've added "use-resource-role-mappings"->true to keycloak json of both customer-app and database-service app.

3. I edited 'customer-portal' and 'database-service' clients and added a 'user' application level role.

4. I edited bburke@redhat.com user. Removed the realm-level 'user' role and added 'user' application-level roles for customer-portal and database-service clients.

After i login and try to see customers listing i get a 'Forbidden' response. If i add 'user' realm-level role to bburke@redhat.com everything works normally as if use-resource-role-mapping was ignored.

Any ideas ?

Is there any additional action i should perform ?