You can take a look at our demo examples, which contain a scenario
like this.
The possible tips:
- Try to see what roles accessToken really contains on your angular side
and if it really contains the requested roles. Maybe you're missing
"scope" for roles?
- If roles are in accessToken, then double-check if they are correctly
mapped on your backend rest service side to the JEE roles. For example
see adapter option "use-resource-role-mappings"
Marek
On 12/09/16 17:58, Ganga Lakshmanasamy wrote:
Hi,
We have a web application which uses keycloak as its authentication
server. Currently, we have enabled keycloak only at our client side
which is an angular code. We would like to enable the keycloak
security for our rest services as well. So we did the following,
1. Created a new client in our realm for backend services with access
type "bearer-only".
2. Configured keycloak adapter in wildfly where our backend rest
services are deployed.
3. Added keycloak.json file of backend services client.
4. Logged into our application through our angular client and got the
token.
5. Tried accessing the backend rest api with the access token sent as
part of header as below.
Authorization: Bearer
eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJiMjc0ZTY3My0yOTg1LTQwNmEtOWE0YS1...
Getting *403 Forbidden access* error while invoking the rest service
even though the user has the required roles set. Please help us in
resolving the issue.
Regards,
Ganga Lakshmanasamy
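
The two checks suggested in the reply, as an added example that is not part of the original thread: decode the access token's payload and list the roles an adapter would consult with "use-resource-role-mappings" on or off. Keycloak puts realm roles under `realm_access.roles` and client roles under `resource_access.<client>.roles`; the client names, role names and sample token below are constructed for illustration.

```javascript
// Debugging aid only: the payload is decoded WITHOUT verifying the signature,
// so the result must never be used to make an authorization decision.
function b64urlDecode(s) {
  const pad = "=".repeat((4 - (s.length % 4)) % 4);
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/") + pad;
  return Buffer.from(b64, "base64").toString("utf8");
}

function decodePayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS (expected 3 parts)");
  return JSON.parse(b64urlDecode(parts[1]));
}

// Roles consulted for a given adapter configuration:
// true  -> client roles under resource_access[resource]
// false -> realm roles under realm_access
function rolesSeenByAdapter(payload, resource, useResourceRoleMappings) {
  if (useResourceRoleMappings) {
    const entry = (payload.resource_access || {})[resource];
    return (entry && entry.roles) || [];
  }
  return (payload.realm_access && payload.realm_access.roles) || [];
}

function diagnose(token, resource, useResourceRoleMappings, requiredRole) {
  const seen = rolesSeenByAdapter(decodePayload(token), resource, useResourceRoleMappings);
  return { seen, wouldMatch: seen.includes(requiredRole) };
}

// Constructed sample token: realm role "user", client role only on "angular-app".
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleToken = [
  b64url({ alg: "RS256" }),
  b64url({
    realm_access: { roles: ["user"] },
    resource_access: { "angular-app": { roles: ["report-viewer"] } },
  }),
  "constructed-signature",
].join(".");

// The bearer-only client "backend-service" has no entry in resource_access,
// so with resource role mappings enabled the required role is not found.
console.log(diagnose(sampleToken, "backend-service", true, "user"));
console.log(diagnose(sampleToken, "backend-service", false, "user"));
```
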