Hi, On Keycloak 8.0.1, I am not able to get the app-auth-photoz example working. https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-ph... I have followed the ReadMe instructions. Configurations were successful. When I login to http://localhost:8080/photoz-html5-client as alice/alice. At the bottom of the page, I got the message : "You can not access or perform the requested operation on this resource" On "My Profile" page, same message at the bottom. "Name" and "Total of albums" information are not set. On "Create an Album" page, I enter an album name and click Save. I got the message : "You can not access or perform the requested operation on this resource". Nothing in the logs. Any help is welcome. Regards, Philippe Rouvray _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Hi, Keycloak was launched with -Dkeycloak.profile.feature.upload_scripts=enabled. Authorizations have been successfully uploaded. I had a closer look at Firefox web console (following Bruno's advice) and all my calls from photoz-html5-client to photoz-restful-api end up with code 403. For example : http://localhost:8080/photoz-restful-api/album POST & GET or http://localhost:8080/photoz-restful-api/album/shares GET... It explains the message : "You can not access or perform the requested operation on this resource" I get. Rgds, Philippe Le lun. 9 déc. 2019 à 19:18, Pedro Igor Silva <psilva(a)redhat.com&gt; a écrit : > Hi,, > > Last week someone reported a similar issue. We figured out that the > errors were due to the server not importing the authorization settings file > because the `upload_scripts` feature is now disabled by default. > > Could you check if starting the server with the `-Dkeycloak.profile.feature.upload_scripts=enabled` > solves the issue? > > Regards. > Pedro Igor > > On Mon, Dec 9, 2019 at 11:34 AM Philippe ROUVRAY <prouvray(a)janua.fr&gt; > wrote: > >> Hi, >> >> On Keycloak 8.0.1, I am not able to get the app-auth-photoz example >> working. >> >> https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-ph... >> >> I have followed the ReadMe instructions. Configurations were successful. >> >> When I login to http://localhost:8080/photoz-html5-client as >> alice/alice. >> At the bottom of the page, I got the message : "You can not access or >> perform the requested operation on this resource" >> >> On "My Profile" page, same message at the bottom. "Name" and "Total of >> albums" information are not set. >> >> On "Create an Album" page, I enter an album name and click Save. I got >> the >> message : "You can not access or perform the requested operation on this >> resource". >> >> Nothing in the logs. >> >> Any help is welcome. >> >> Regards, >> >> Philippe Rouvray >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> >>

Prerequisites Keycloak is up and running on port 8180. WildFly server is up and running on port 8080. Keycloak OIDC adapter is installed on WildFly. 1) import $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-realm.json in Keycloak 2) Build the example : cd $KEYCLOAK_QUICKSTARTS/app-authz-photoz mvn clean install 3) import $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-restful-api/target/classes/photoz-restful-api-authz-service.json in Keycloak 4) Deploy photoz-html5-client on WildFly cd $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-html5-client mvn clean install wildfly:deploy 5) Deploy photoz-restful-api on WildFly cd $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-restful-api mvn clean install wildfly:deploy 6) Test the application Go to http://localhost:8080/photoz-html5-client Le lun. 9 déc. 2019 à 20:29, Pedro Igor Silva <psilva(a)redhat.com&gt; a écrit : > I just tested again and it works for me. Not sure what I may be missing. > Maybe if you describe the steps you are taking from the beginning, we can > sort it out. > > On Mon, Dec 9, 2019 at 4:06 PM Philippe ROUVRAY <prouvray(a)janua.fr&gt; > wrote: > >> Hi, >> >> Keycloak was launched with -Dkeycloak.profile.feature.upload_scripts=enabled. >> Authorizations have been successfully uploaded. >> I had a closer look at Firefox web console (following Bruno's advice) >> and all my calls from photoz-html5-client to photoz-restful-api end up with >> code 403. For example : http://localhost:8080/photoz-restful-api/album >> POST & GET or http://localhost:8080/photoz-restful-api/album/shares >> GET... >> It explains the message : "You can not access or perform the requested >> operation on this resource" I get. >> >> Rgds, >> >> Philippe >> >> Le lun. 9 déc. 2019 à 19:18, Pedro Igor Silva <psilva(a)redhat.com&gt; a >> écrit : >> >>> Hi,, >>> >>> Last week someone reported a similar issue. We figured out that the >>> errors were due to the server not importing the authorization settings file >>> because the `upload_scripts` feature is now disabled by default. >>> >>> Could you check if starting the server with the `-Dkeycloak.profile.feature.upload_scripts=enabled` >>> solves the issue? >>> >>> Regards. >>> Pedro Igor >>> >>> On Mon, Dec 9, 2019 at 11:34 AM Philippe ROUVRAY <prouvray(a)janua.fr&gt; >>> wrote: >>> >>>> Hi, >>>> >>>> On Keycloak 8.0.1, I am not able to get the app-auth-photoz example >>>> working. >>>> >>>> https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-ph... >>>> >>>> I have followed the ReadMe instructions. Configurations were >>>> successful. >>>> >>>> When I login to http://localhost:8080/photoz-html5-client as >>>> alice/alice. >>>> At the bottom of the page, I got the message : "You can not access or >>>> perform the requested operation on this resource" >>>> >>>> On "My Profile" page, same message at the bottom. "Name" and "Total of >>>> albums" information are not set. >>>> >>>> On "Create an Album" page, I enter an album name and click Save. I got >>>> the >>>> message : "You can not access or perform the requested operation on >>>> this >>>> resource". >>>> >>>> Nothing in the logs. >>>> >>>> Any help is welcome. >>>> >>>> Regards, >>>> >>>> Philippe Rouvray >>>> _______________________________________________ >>>> keycloak-user mailing list >>>> keycloak-user(a)lists.jboss.org >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>> >>>>

Yes, I installed the adapter on Wildfly. I tried with the source code from Master branch. No change : All the calls to http://localhost:8080/photoz-restful-api/ APIs fail with code 403 (Forbidden). Find below the access token sent with http://localhost:8080/photoz-restful-api/profile call : { "jti": "dd969b95-92f7-47fe-b255-452778ae2a2c", "exp": 1575978333, "nbf": 0, "iat": 1575978033, "iss": "http://localhost:8180/auth/realms/photoz", "aud": [ "photoz-restful-api", "account" ], "sub": "2c24edc9-d0c0-422c-beed-e3464309644a", "typ": "Bearer", "azp": "photoz-html5-client", "nonce": "a65527c6-ee99-4583-8abe-b2d4a2f37b43", "auth_time": 1575978032, "session_state": "9be144c7-62f3-4dcd-950a-43ae1780202d", "acr": "1", "allowed-origins": [ "*" ], "realm_access": { "roles": [ "uma_authorization", "user" ] }, "resource_access": { "photoz-restful-api": { "roles": [ "manage-albums" ] }, "account": { "roles": [ "manage-account", "manage-account-links" ] } }, "scope": "openid profile email", "email_verified": false, "name": "Alice In Chains", "preferred_username": "alice", "given_name": "Alice", "family_name": "In Chains", "email": &quot;alice(a)keycloak.org&quot; } Le lun. 9 déc. 2019 à 22:53, Pedro Igor Silva <psilva(a)redhat.com&gt; a écrit : > That is weird, the same steps here.... > > Did you install the elytron adapters? > > I'm using quickstarts from upstream/master branch, what about you? > > I would suspect that something is happening when executing the client > side JS ... No errors in browser logs ? > > On Mon, Dec 9, 2019 at 5:06 PM Philippe ROUVRAY <prouvray(a)janua.fr&gt; > wrote: > >> Prerequisites >> >> Keycloak is up and running on port 8180. >> WildFly server is up and running on port 8080. >> Keycloak OIDC adapter is installed on WildFly. >> >> 1) import $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-realm.json in >> Keycloak >> >> 2) Build the example : >> cd $KEYCLOAK_QUICKSTARTS/app-authz-photoz >> mvn clean install >> >> 3) import >> $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-restful-api/target/classes/photoz-restful-api-authz-service.json >> in Keycloak >> >> 4) Deploy photoz-html5-client on WildFly >> cd $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-html5-client >> mvn clean install wildfly:deploy >> >> 5) Deploy photoz-restful-api on WildFly >> cd $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-restful-api >> mvn clean install wildfly:deploy >> >> 6) Test the application >> Go to http://localhost:8080/photoz-html5-client >> >> Le lun. 9 déc. 2019 à 20:29, Pedro Igor Silva <psilva(a)redhat.com&gt; a >> écrit : >> >>> I just tested again and it works for me. Not sure what I may be >>> missing. Maybe if you describe the steps you are taking from the beginning, >>> we can sort it out. >>> >>> On Mon, Dec 9, 2019 at 4:06 PM Philippe ROUVRAY <prouvray(a)janua.fr&gt; >>> wrote: >>> >>>> Hi, >>>> >>>> Keycloak was launched with -Dkeycloak.profile.feature.upload_scripts=enabled. >>>> Authorizations have been successfully uploaded. >>>> I had a closer look at Firefox web console (following Bruno's advice) >>>> and all my calls from photoz-html5-client to photoz-restful-api end up with >>>> code 403. For example : http://localhost:8080/photoz-restful-api/album >>>> POST & GET or http://localhost:8080/photoz-restful-api/album/shares >>>> GET... >>>> It explains the message : "You can not access or perform the requested >>>> operation on this resource" I get. >>>> >>>> Rgds, >>>> >>>> Philippe >>>> >>>> Le lun. 9 déc. 2019 à 19:18, Pedro Igor Silva <psilva(a)redhat.com&gt; a >>>> écrit : >>>> >>>>> Hi,, >>>>> >>>>> Last week someone reported a similar issue. We figured out that the >>>>> errors were due to the server not importing the authorization settings file >>>>> because the `upload_scripts` feature is now disabled by default. >>>>> >>>>> Could you check if starting the server with the `-Dkeycloak.profile.feature.upload_scripts=enabled` >>>>> solves the issue? >>>>> >>>>> Regards. >>>>> Pedro Igor >>>>> >>>>> On Mon, Dec 9, 2019 at 11:34 AM Philippe ROUVRAY <prouvray(a)janua.fr&gt; >>>>> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> On Keycloak 8.0.1, I am not able to get the app-auth-photoz example >>>>>> working. >>>>>> >>>>>> https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-ph... >>>>>> >>>>>> I have followed the ReadMe instructions. Configurations were >>>>>> successful. >>>>>> >>>>>> When I login to http://localhost:8080/photoz-html5-client as >>>>>> alice/alice. >>>>>> At the bottom of the page, I got the message : "You can not access or >>>>>> perform the requested operation on this resource" >>>>>> >>>>>> On "My Profile" page, same message at the bottom. "Name" and "Total >>>>>> of >>>>>> albums" information are not set. >>>>>> >>>>>> On "Create an Album" page, I enter an album name and click Save. I >>>>>> got the >>>>>> message : "You can not access or perform the requested operation on >>>>>> this >>>>>> resource". >>>>>> >>>>>> Nothing in the logs. >>>>>> >>>>>> Any help is welcome. >>>>>> >>>>>> Regards, >>>>>> >>>>>> Philippe Rouvray >>>>>> _______________________________________________ >>>>>> keycloak-user mailing list >>>>>> keycloak-user(a)lists.jboss.org >>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>> >>>>>>