[keycloak-dev] Authz services feedback
Dmitry Telegin
dt at acutus.pro
Thu Jan 31 08:28:28 EST 2019
Hi, just a quick update,
On Thu, 2019-01-31 at 10:19 -0200, Pedro Igor Silva wrote:
> > 1. It may sound crazy, but seems that with enforcer enabled there is no way to have public endpoints, i.e. those that are not protected by the adapter security constraints. I've tried every possible combination of global and per-path enforcement-mode, tried creating the corresponding resource in Keycloak, but the enforcer would always deny access. The only scenario that worked was setting global enforcement-mode to DISABLED, which is obviously not an option.
> > I'm not sure if it's Spring Boot specific or not; I'm planning to test the same setup with other adapters too and report the result.
>
> AFAIK, we fixed this already. I think in 4.4.0. Could you check https://issues.jboss.org/browse/KEYCLOAK-8142.
I'm experiencing exactly the same, the correct body is returned together with HTTP 403. Keycloak Spring Boot Adapter is 4.8.3.
Dmitry
More information about the keycloak-dev
mailing list