Hi Marek,
Which version of Keycloak are you using?
I tried to reproduce the problem using upstream and the evaluation tool
looks correct by reporting only album:view. The same goes if obtaining an
RPT from the token endpoint.
On Wed, Jan 16, 2019 at 12:21 AM Marek Lindner <mareklindner(a)neomailbox.ch> wrote:
On Wednesday, 16 January 2019 00:54:43 HKT Lamina, Marco wrote:
> I've had a similar problem, it might be related to this:
>
> https://issues.jboss.org/browse/KEYCLOAK-9093
It may be related but I am not 100% sure yet.
What do your policies & permissions look like? If you compare your
evaluation screenshot and mine you can see that my Keycloak has a policy
installed which forbids non-owners to access the resource. That DENY policy
is overruled due to some unrelated scope.
In your case there seems to be no DENY at all. Could be you have an 'allow
everybody' policy in place. Keycloak comes with such default policies you
may want to look into.
Cheers,
Marek
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user