8 p.m.
I receive a http error 403 when accessing a bearer-only resource with
Postman that is secured with keycloak.
The user has the needed role.
Debug logs: BEARER AUTHENTICATED.
What could be the problem here?
*Application.properties*
keycloak.realm=myrealm
keycloak.bearer-only=true
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.ssl-required=external
keycloak.resource=my-app
keycloak.use-resource-role-mappings=true
keycloak.securityConstraints[0].securityCollections[0].name=secured
keycloak.securityConstraints[0].authRoles[0]=app-user
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/secured/*
logging.level.org.keycloak=DEBUG
*Postman*
http://localhost:8081/secured/posts/0/10
Authorization: Bearer aDSFla56s...
*Debug*
2017-07-11 19:53:41.306 DEBUG 22556 --- [nio-8081-exec-1]
o.k.adapters.PreAuthActionsHandler : adminRequest
http://localhost:8081/secured/posts/0/10
2017-07-11 19:53:41.313 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils : Using provider 'secret' for
authentication of client 'my-app'
2017-07-11 19:53:41.314 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider
secret
2017-07-11 19:53:41.315 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider
jwt
2017-07-11 19:53:41.317 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider
secret
2017-07-11 19:53:41.317 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider
jwt
2017-07-11 19:53:41.354 DEBUG 22556 --- [nio-8081-exec-1]
o.keycloak.adapters.KeycloakDeployment : resolveUrls
2017-07-11 19:53:41.356 DEBUG 22556 --- [nio-8081-exec-1]
o.k.adapters.KeycloakDeploymentBuilder : Use authServerUrl:
http://localhost:8080/auth, tokenUrl:
http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token,
relativeUrls: NEVER
2017-07-11 19:53:41.631 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.rotation.JWKPublicKeyLocator : Realm public keys successfully
retrieved for client my-app. New kids: [NsYwvDAUJYY3ioS9-0mpo]
2017-07-11 19:53:41.641 DEBUG 22556 --- [nio-8081-exec-1]
o.k.adapters.RequestAuthenticator : User
'c1ed6bf7-5dd-988-94fab8ecf' invoking '
http://localhost:8081/secured/posts/0/10' on client 'my-app'
2017-07-11 19:53:41.642 DEBUG 22556 --- [nio-8081-exec-1]
o.k.adapters.RequestAuthenticator : *Bearer AUTHENTICATED*
10:09 a.m.
Could you try to add this as well ?
keycloak.public-client=true
On Tue, Jul 11, 2017 at 8:00 PM, Dennis H <dennishonders(a)gmail.com> wrote:
I receive a http error 403 when accessing a bearer-only resource
with
Postman that is secured with keycloak.
The user has the needed role.
Debug logs: BEARER AUTHENTICATED.
What could be the problem here?
*Application.properties*
keycloak.realm=myrealm
keycloak.bearer-only=true
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.ssl-required=external
keycloak.resource=my-app
keycloak.use-resource-role-mappings=true
keycloak.securityConstraints[0].securityCollections[0].name=secured
keycloak.securityConstraints[0].authRoles[0]=app-user
keycloak.securityConstraints[0].securityCollections[0].
patterns[0]=/secured/*
logging.level.org.keycloak=DEBUG
*Postman*
http://localhost:8081/secured/posts/0/10
Authorization: Bearer aDSFla56s...
*Debug*
2017-07-11 19:53:41.306 DEBUG 22556 --- [nio-8081-exec-1]
o.k.adapters.PreAuthActionsHandler : adminRequest
http://localhost:8081/secured/posts/0/10
2017-07-11 19:53:41.313 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils : Using provider 'secret' for
authentication of client 'my-app'
2017-07-11 19:53:41.314 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils : Loaded
clientCredentialsProvider
secret
2017-07-11 19:53:41.315 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils : Loaded
clientCredentialsProvider
jwt
2017-07-11 19:53:41.317 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils : Loaded
clientCredentialsProvider
secret
2017-07-11 19:53:41.317 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils : Loaded
clientCredentialsProvider
jwt
2017-07-11 19:53:41.354 DEBUG 22556 --- [nio-8081-exec-1]
o.keycloak.adapters.KeycloakDeployment : resolveUrls
2017-07-11 19:53:41.356 DEBUG 22556 --- [nio-8081-exec-1]
o.k.adapters.KeycloakDeploymentBuilder : Use authServerUrl:
http://localhost:8080/auth, tokenUrl:
http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token,
relativeUrls: NEVER
2017-07-11 19:53:41.631 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.rotation.JWKPublicKeyLocator : Realm public keys successfully
retrieved for client my-app. New kids: [NsYwvDAUJYY3ioS9-0mpo]
2017-07-11 19:53:41.641 DEBUG 22556 --- [nio-8081-exec-1]
o.k.adapters.RequestAuthenticator : User
'c1ed6bf7-5dd-988-94fab8ecf' invoking '
http://localhost:8081/secured/posts/0/10' on client 'my-app'
2017-07-11 19:53:41.642 DEBUG 22556 --- [nio-8081-exec-1]
o.k.adapters.RequestAuthenticator : *Bearer AUTHENTICATED*
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
10:24 a.m.
I had similar problem. You are using
"keycloak.use-resource-role-mappings=true", check that the user has the
client's role instead realm's role.
On 11.07.2017 20:00, Dennis H wrote:
I receive a http error 403 when accessing a bearer-only resource
with
Postman that is secured with keycloak.
The user has the needed role.
Debug logs: BEARER AUTHENTICATED.
What could be the problem here?
*Application.properties*
keycloak.realm=myrealm
keycloak.bearer-only=true
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.ssl-required=external
keycloak.resource=my-app
keycloak.use-resource-role-mappings=true
keycloak.securityConstraints[0].securityCollections[0].name=secured
keycloak.securityConstraints[0].authRoles[0]=app-user
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/secured/*
logging.level.org.keycloak=DEBUG
*Postman*
http://localhost:8081/secured/posts/0/10
Authorization: Bearer aDSFla56s...
*Debug*
2017-07-11 19:53:41.306 DEBUG 22556 --- [nio-8081-exec-1]
o.k.adapters.PreAuthActionsHandler : adminRequest
http://localhost:8081/secured/posts/0/10
2017-07-11 19:53:41.313 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils : Using provider 'secret' for
authentication of client 'my-app'
2017-07-11 19:53:41.314 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider
secret
2017-07-11 19:53:41.315 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider
jwt
2017-07-11 19:53:41.317 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider
secret
2017-07-11 19:53:41.317 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider
jwt
2017-07-11 19:53:41.354 DEBUG 22556 --- [nio-8081-exec-1]
o.keycloak.adapters.KeycloakDeployment : resolveUrls
2017-07-11 19:53:41.356 DEBUG 22556 --- [nio-8081-exec-1]
o.k.adapters.KeycloakDeploymentBuilder : Use authServerUrl:
http://localhost:8080/auth, tokenUrl:
http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/token,
relativeUrls: NEVER
2017-07-11 19:53:41.631 DEBUG 22556 --- [nio-8081-exec-1]
o.k.a.rotation.JWKPublicKeyLocator : Realm public keys successfully
retrieved for client my-app. New kids: [NsYwvDAUJYY3ioS9-0mpo]
2017-07-11 19:53:41.641 DEBUG 22556 --- [nio-8081-exec-1]
o.k.adapters.RequestAuthenticator : User
'c1ed6bf7-5dd-988-94fab8ecf' invoking'
http://localhost:8081/secured/posts/0/10' on client 'my-app'
2017-07-11 19:53:41.642 DEBUG 22556 --- [nio-8081-exec-1]
o.k.adapters.RequestAuthenticator : *Bearer AUTHENTICATED*
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
[https://www.adbglobal.com/wp-content/uploads/adb.png]
connecting lives
connecting worlds
2541
days inactive
2542
days old
2 comments
3 participants
participants (3)
-
Dennis H -
Karol Buler -
Sebastien Blanc