Hi,
The JavaScript application itself always accepts all authenticated users;
there is no authorization check of roles done in the JavaScript adapter
inside the browser after authentication. But after successful
authentication, your JavaScript app will receive an accessToken, and this
token will have only the roles limited by the scopes you configured. Basically,
the roles in the access token are the intersection of:
- roles which the user is assigned to
- roles configured by the scope mapping of your application
The access token can then be used for REST calls, and authorization of
the token and granted roles is done by these REST calls.
Marek
On 8.12.2014 14:06, Carlos Feria wrote:
Hi. Sorry for the question, but I have a problem that I can’t solve.
I’m using the “Pure Client Javascript Adapter” and an APPLICATION WITH
“Full Scope Allowed OFF, and Assigned Roles”.
When I do “keycloak.init({ onLoad: 'login-required' })” the login
page shows, but it accepts all user accounts. I need to log in just
users with Assigned Roles on Scope. Is there a bug? How can I solve
my problem? Thanks for all.
--
Carlos E. Feria Vila
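
The split described in the reply above, as an added example that is not part of the original thread and not Keycloak's code: every authenticated user gets a token, the token carries only the intersected roles, and the REST service makes the authorization decision. The key pair, user names, role names and the `realm_access.roles` claim layout are assumptions for illustration.

```javascript
// Added example, not Keycloak's code. Keys, users and role names are constructed.
const crypto = require('crypto');
const b64url = (x) => Buffer.from(x).toString('base64url');

// Roles that end up in the token: the user's roles intersected with the roles
// in the application's scope mapping (Full Scope Allowed OFF).
function tokenRoles(userRoles, scopeRoles) {
  const allowed = new Set(scopeRoles);
  return userRoles.filter((r) => allowed.has(r));
}

// Stand-in for the auth server: any authenticated user gets a signed token.
function issueToken(privateKey, username, userRoles, scopeRoles, ttlSec = 60) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({
    preferred_username: username,
    exp: Math.floor(Date.now() / 1000) + ttlSec,
    realm_access: { roles: tokenRoles(userRoles, scopeRoles) }, // assumed claim layout
  }));
  const sig = crypto.sign('sha256', Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${sig.toString('base64url')}`;
}

// REST-side check: 401 for a bad or expired token, 403 when the role is missing.
function authorize(token, publicKey, requiredRole) {
  const deny = (status) => ({ ok: false, status });
  const parts = String(token).split('.');
  if (parts.length !== 3) return deny(401);
  const [header, payload, sig] = parts;
  let head, claims;
  try {
    head = JSON.parse(Buffer.from(header, 'base64url'));
    claims = JSON.parse(Buffer.from(payload, 'base64url'));
  } catch { return deny(401); }
  if (!head || !claims || head.alg !== 'RS256') return deny(401); // pin the algorithm
  const valid = crypto.verify('sha256', Buffer.from(`${header}.${payload}`),
    publicKey, Buffer.from(sig, 'base64url'));
  if (!valid || !(claims.exp > Date.now() / 1000)) return deny(401);
  const roles = claims.realm_access?.roles;
  if (!Array.isArray(roles) || !roles.includes(requiredRole)) return deny(403);
  return { ok: true, status: 200, user: claims.preferred_username };
}

const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const scope = ['user']; // roles in the application's scope mapping
const alice = issueToken(privateKey, 'alice', ['user', 'admin'], scope);
const bob = issueToken(privateKey, 'bob', [], scope); // logs in, holds no roles
console.log(authorize(alice, publicKey, 'user').status, authorize(bob, publicKey, 'user').status);
```

A role check in the browser after `keycloak.init` can only hide or show UI; the decision that counts is the one in `authorize` on the service side.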