[keycloak-user] Having a policy enforcer and an unsecured endpoint at the same time ?

Sebastien Blanc sblanc at redhat.com
Wed Oct 26 11:41:39 EDT 2016


Hi,

I'm trying to help a community member that is having issues to provide a
rest endpoint that do not need authentication but other endpoints are
protected and make use of a policy enforcer.

Looks like it is not possible to have both , is that correct ? The authz
seems to intercept all the request (as mentioned in the documentation) and
even by setting the enforcement to "permissive" it fails for this
unprotected endpoint.


For reference : https://issues.jboss.org/browse/KEYCLOAK-3799

(There are other issues in this ticket like configuring authz for
SpringBoot but this is another problem to have to be solved separately)

Sebi


More information about the keycloak-user mailing list