[keycloak-user] Policies seem to go corrupt, version 2.5.0
Pedro Igor Silva
psilva at redhat.com
Tue Jan 24 08:21:33 EST 2017
I see. I'm going to check what is happening. Can't understand why it works
after re-creating the policies.
So, you were using which version before migrating to 2.5.0 ? Did you also
try a build from upstream ?
On Tue, Jan 24, 2017 at 11:04 AM, Ushanas Shastri <ushanas at gmail.com> wrote:
> Hello Pedro,
>
> Policies created by us stop working. For example, without any change the
> Evaluation API shows Deny, and we can't investigate why, as the policy
> results in Resource not found.
>
> Interestingly, while the Evaluation API in the administration console
> says denied, the protected application gets a permit when using the
> Authorization API.
>
> We then recreate the policies, permissions and all is good again.
>
> Regards, Ushanas.
>
>
> On 24-Jan-2017 5:05 PM, "Pedro Igor Silva" <psilva at redhat.com> wrote:
>
> HI Ushanas, recently we made a specific change to update policies types
> from "drools" to "rules". But that was in 2.5.1, so I think it is not case.
>
> Can you elaborate more what are those random instances of policies ? Are
> they being created somehow but not by you ?
>
> Regarding the resource not found, I think I have fixed this with this PR
> https://github.com/keycloak/keycloak/pull/3766/. It should be available
> on 2.5.1.
>
> Thanks.
>
> On Tue, Jan 24, 2017 at 12:51 AM, Ushanas Shastri <ushanas at gmail.com>
> wrote:
>
>> Hello,
>>
>> I've created scope based permissions tied to role based policies. Any new
>> permission or policy we create, all looks right, but we find random
>> instances of policies that deny authorization, and when we want to
>> investigate, we can't even see the details of the policy. It shows up in
>> the list, but clicking on it takes us to a resource nor found page.
>> Any ideas on what may be happening here?
>>
>> Regards, Ushanas.
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
>
More information about the keycloak-user
mailing list