In the admin console you can manage realm roles from the "Roles" link in
the menu on the left hand side. Further you can manage roles for a client
(service) by finding the client first, it then has a tab for roles. For
clients (front-ends) there's a scope tab that lets you control what roles
the client is allowed to obtain.
Once you've done that a client that receives a token will contain the roles
the user and client are permitted to have. When this token is sent to the
service the adapter then checks if the token contains the required roles.
The service can either use realm roles (global roles) or roles specific to
itself (client roles, which is enabled by
setting use-resource-role-mappings to true in the keycloak.json file for
the service).
Does that answer your questions?
On 4 January 2016 at 19:04, Giovanni Baruzzi <giovanni.baruzzi(a)syntlogo.de>
wrote:
Dear All,
In the documentation I read about the Realm and Resource Roles
Under "2.2.1. Permission scopes" you can read:
"The role mappings contained within the token are the intersection
between the set of user role mappings and the permission scope
of the client. So, access tokens are tailor made for each client and
contain only the information required for by them."
Further, under "8.1. General Adapter Configuration", you read
"use-resource-role-mappings" If set to true, the adapter will look inside
the token for application level role mappings for the user.
If false, it will look at the realm level for user role mappings. This is
OPTIONAL. The default value is false
I would like to understand how to use it and how to configure it, but I
cannot find anything in the documentation nor in the tips of the Console.
Can anybody give me a pointer to more information?
Thank you,
Giovanni
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
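
The role lookup described in the reply above, as an added example that is not part of the original thread and is not Keycloak's adapter code. It assumes the token signature has already been verified; the client names, role names and user are constructed, while `realm_access`, `resource_access`, `resource` and `use-resource-role-mappings` are the claim and keycloak.json names Keycloak uses.

```python
import json

# Constructed sample: payload of an already signature-verified access token.
# Realm roles sit under realm_access, client roles under
# resource_access.<client id>.
CLAIMS = {
    "preferred_username": "alice",
    "realm_access": {"roles": ["user"]},
    "resource_access": {
        "orders-service": {"roles": ["order-admin"]},
        "billing-service": {"roles": ["viewer"]},
    },
}

# Constructed keycloak.json fragments for a service named "orders-service".
REALM_MODE = json.loads('{"resource": "orders-service"}')
CLIENT_MODE = json.loads(
    '{"resource": "orders-service", "use-resource-role-mappings": true}'
)


def token_roles(user_roles, client_scope):
    """Roles placed in the token: user role mappings intersected with scope."""
    return sorted(set(user_roles) & set(client_scope))


def effective_roles(claims, adapter_config):
    """Roles the service consults, depending on use-resource-role-mappings."""
    if adapter_config.get("use-resource-role-mappings", False):
        # Client roles: only the entry for this service's own client id counts.
        per_client = claims.get("resource_access", {})
        entry = per_client.get(adapter_config["resource"], {})
    else:
        # Default (false): realm-level roles.
        entry = claims.get("realm_access", {})
    return set(entry.get("roles", []))


def is_allowed(claims, adapter_config, required_role):
    """True if the required role is among the roles the service consults."""
    return required_role in effective_roles(claims, adapter_config)


if __name__ == "__main__":
    print(token_roles(["user", "admin"], ["user"]))
    for name, cfg in (("realm", REALM_MODE), ("client", CLIENT_MODE)):
        print(name, sorted(effective_roles(CLAIMS, cfg)))
```

The same token yields different roles under the two settings, so a role constraint written against realm roles stops matching once `use-resource-role-mappings` is switched on, and roles granted for another client never count.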