[keycloak-user] Bearer Only Application access with token
Rodrigo Sasaki
rodrigopsasaki at gmail.com
Tue Jul 29 10:51:01 EDT 2014
Hi,
I'm trying to secure a bearer-only application with Keycloak, to access it
with access tokens, but I think I'm missing something.
I tried it with the database-service of the unconfigured demo.
1. I created the user role in the application.
2. I assigned that role to my user.
3. I copied the contents of the installation json to
*webapp/META-INF/keycloak.json*
{
    "realm": "demo",
    "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwRayjzh7W+EfPaeSdyXWLyXof7c3fwD7vb0AEtG+ogLHtMkYiTdX9y/JXOmXwWDzGhx7NM3Q6vkCG0F3lZqOVsSlYH56c5+Ev4QmSGK/+6e+WcZMcgmscoz1OoXKom4+pzqMey42hqdwwMhkvCq/jxJSmUGnZJQuqEKVH00NZ1wIDAQAB",
    "bearer-only": true,
    "ssl-not-required": true,
    "resource": "database-service",
    "use-resource-role-mappings": true
}
4. Set the auth-method to *KEYCLOAK* on web.xml
5. Started the server deploying the *database-service*
6. Generated a token using *security-admin-console* client_id and my user
7. Submitted a GET request to *localhost:8080/database/customers*
After these steps I get a 403 error, saying that I'm not authorized to
access the resource. Wasn't this supposed to work?
--
Rodrigo Sasaki
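
An added diagnostic example (not part of the original post and not Keycloak's own code): it decodes an access token's payload and reports which roles are looked at for the "resource" and "use-resource-role-mappings" values in the keycloak.json above. The claim names realm_access and resource_access follow Keycloak's access token layout; the required role name "user" comes from step 1, and the sample token is constructed.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(token: str) -> dict:
    # Diagnostic only: reads the payload and does NOT verify the signature.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def roles_checked(claims: dict, resource: str, use_resource_role_mappings: bool) -> set:
    # Application roles for `resource` when the switch is true, realm roles otherwise.
    if use_resource_role_mappings:
        access = claims.get("resource_access", {}).get(resource, {})
    else:
        access = claims.get("realm_access", {})
    return set(access.get("roles", []))


def diagnose(token: str, resource: str, required_role: str,
             use_resource_role_mappings: bool = True) -> dict:
    claims = token_claims(token)
    roles = roles_checked(claims, resource, use_resource_role_mappings)
    return {
        "has_required_role": required_role in roles,
        "roles_checked": sorted(roles),
        "resource_access_entries": sorted(claims.get("resource_access", {})),
        "realm_roles": sorted(claims.get("realm_access", {}).get("roles", [])),
    }


def constructed_token(payload: dict) -> str:
    # Builds an unsigned sample token for the demo; the signature part is a dummy.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(payload), "c2ln"])


if __name__ == "__main__":
    # Constructed payload: a realm role only, no "database-service" entry.
    sample = constructed_token({"realm_access": {"roles": ["user"]},
                                "resource_access": {"security-admin-console": {"roles": []}}})
    print(diagnose(sample, "database-service", "user"))
```

Passing a real access token to diagnose() in place of the constructed one shows whether it carries a resource_access entry for database-service at all.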