[keycloak-user] Need help in resolving error with authorizing our app using Keycloak

[Marek Posolda]

You can take a look at our demo examples, which contains the scenario 
like this.

The possible tips:
- Try to see what roles accessToken really contains on your angular side 
and if it really contains the requested roles. Maybe you're missing 
"scope" for roles?
- If roles are in accessToken, then doublecheck if they are correctly 
mapped on your backend rest service side to the JEE roles. For example 
see adapter option "use-resource-role-mappings"

Marek

On 12/09/16 17:58, Ganga Lakshmanasamy wrote:
> Hi,
>
> We have a web application which uses keycloak as its authentication 
> server. Currently, we have enabled keycloak only at our client side 
> which is an angular code. We would like to enable the keycloak 
> security for our rest services as well. So we did the following,
> 1. Created a new client in our realm for backend services with access 
> type "bearer-only".
> 2. Configured keycloak adapter in wildfly where our backend rest 
> services are deployed.
> 3. Added keycloak.json file of backend services client.
> 4. Logged into our application through our angular client and got the 
> token.
> 5. Tried accessing the backend rest api with the access token sent as 
> part of header as below.
> Authorization: Bearer 
> eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJiMjc0ZTY3My0yOTg1LTQwNmEtOWE0YS1...
>
> Getting*403 Forbidden access* error while invoking the rest service 
> even though the user has the required roles set. Please help us in 
> resolving the issue.
>
> Regards,
> Ganga Lakshmanasamy
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160913/c4279151/attachment.html