Hi,

I've created a realm, and a default role in that realm called "user". I then created a client and added an application role to the client. I've set "use-resource-role-mappings" to true in the keycloak.json file inside my war file.

I attempt to access a path that is protected by the role "user", and log in with an account that has both the realm role "user" and the application role "mdc-staff", and I'm redirected to my 403 page, meaning the "user" role didn't seem to be available to the user. When I attempt to access a path protected by the "mdc-staff" role, I don't get a 403, meaning that the application-specific role is available.

Is there something I need to do to make both realm and application level roles available to the user when I log in? This is key for us in implementing SSO for different clients secured by the same realm. I thought "Full Scopes Allowed" was not enabled, but it was, and still things don't work as expected.

Cheers.
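
Added example, not part of the original post and not Keycloak's own code: a Python model of the documented meaning of `use-resource-role-mappings`, where `true` makes the adapter read roles from the token's `resource_access.<client>.roles` claim and `false` from `realm_access.roles`. The client id `my-app` and the sample token are constructed for illustration; decoding an access token this way shows which roles each setting exposes.

```python
import base64
import json

def jwt_claims(token):
    """Decode a JWT payload without verifying it (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def adapter_roles(claims, client_id, use_resource_role_mappings):
    """Roles that security constraints are checked against for this setting."""
    if use_resource_role_mappings:
        # Application-level roles only: resource_access.<client>.roles
        access = claims.get("resource_access", {}).get(client_id, {})
    else:
        # Realm-level roles only: realm_access.roles
        access = claims.get("realm_access", {})
    return set(access.get("roles", []))

def is_allowed(claims, client_id, use_resource_role_mappings, required_role):
    roles = adapter_roles(claims, client_id, use_resource_role_mappings)
    return required_role in roles

def _b64(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample (hypothetical client id "my-app", dummy signature):
# the account holds realm role "user" and application role "mdc-staff".
SAMPLE_CLAIMS = {
    "preferred_username": "alice",
    "realm_access": {"roles": ["user"]},
    "resource_access": {"my-app": {"roles": ["mdc-staff"]}},
}
SAMPLE_TOKEN = ".".join([_b64({"alg": "none"}), _b64(SAMPLE_CLAIMS), "sig"])

if __name__ == "__main__":
    claims = jwt_claims(SAMPLE_TOKEN)
    for flag in (True, False):
        for role in ("user", "mdc-staff"):
            verdict = "allow" if is_allowed(claims, "my-app", flag, role) else "403"
            print(f"use-resource-role-mappings={flag} role={role}: {verdict}")
```

With the setting at `true`, a constraint on "user" is denied even though the token carries that realm role, which matches the 403 described above.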