[keycloak-dev] Multi tenancy support - a proposal to discuss

Juraci Paixão Kröhling juraci at kroehling.de
Thu Oct 23 04:42:22 EDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 10/23/2014 10:28 AM, Marek Posolda wrote:
>> Actually isn't problem in scopes? The client application, which
>> you are using to access KC should be in scopes for those
>> "view-applications" or "manage-applications" roles. Admin console
>> is using application "Security-admin-console", which has scope to
>> realm role "admin" so it has defacto scope to everything. Maybe
>> you can also use this scope or use "Full scope allowed" switch
>> for your app.

You nailed it: setting the OAuth Client with Full Scope did the trick.
The user that created the realm indeed gets full permission for the
realm, the problem was just that the OAuth Client scope wasn't allowed
for that.

Thanks a lot, I'll update the README for the example to use it instead.

Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCgAGBQJUSL9uAAoJEDnJtskdmzLM04MIAJ2eMtlKJ471hlx78aEC21eh
z36j8xbwlC9QjNnlA505vIg5L8ZGNui9r+itH661rdR4GdVEdGepCWLiXdVlkHBf
gzdboMvlNeocW+PxyBIm2FMS2c3tJ25S2kQ+8bOcQcoshs0QMpyeZ8ydgvXysXsG
t696OoSEJ1B97R3d6Wos565ardVcoDDiPq32dpcsEDIV2vK7P3S98OEB/xr6kIja
kNqc3b0YpLCV//CuId9hKYVSmv/sxZXHmnvi1ICIdyjb4jiQ4lixUZf7KCIf0O9P
Y+PLHqZqPV1Qqj6H+gH2MNxYRGEyCsJeGsgEyXHv8g22e5dj0PQblTiDL2OdWFg=
=jSg0
-----END PGP SIGNATURE-----


More information about the keycloak-dev mailing list