[keycloak-user] Policies seem to go corrupt, version 2.5.0
Ushanas Shastri
ushanas at gmail.com
Tue Jan 24 08:43:14 EST 2017
Hello,
We didn't migrate, we did a fresh install. I'm checking if we copied
standalone.xml from an older version, but I doubt it.
Haven't yet taken the upstream version. We've had difficulties making a
build, and are looking into it.
Thank you,
Regards, Ushanas.
On 24-Jan-2017 6:51 PM, "Pedro Igor Silva" <psilva at redhat.com> wrote:
> I see. I'm going to check what is happening. Can't understand why it works
> after re-creating the policies.
>
> So, you were using which version before migrating to 2.5.0 ? Did you also
> try a build from upstream ?
>
> On Tue, Jan 24, 2017 at 11:04 AM, Ushanas Shastri <ushanas at gmail.com>
> wrote:
>
>> Hello Pedro,
>>
>> Policies created by us stop working. For example, without any change
>> the Evaluation API shows Deny, and we can't investigate why, as the
>> policy results in Resource not found.
>>
>> Interestingly, while the Evaluation API in the administration console
>> says denied, the protected application gets a permit when using the
>> Authorization API.
>>
>> We then recreate the policies, permissions and all is good again.
>>
>> Regards, Ushanas.
>>
>>
>> On 24-Jan-2017 5:05 PM, "Pedro Igor Silva" <psilva at redhat.com> wrote:
>>
>> HI Ushanas, recently we made a specific change to update policies types
>> from "drools" to "rules". But that was in 2.5.1, so I think it is not case.
>>
>> Can you elaborate more what are those random instances of policies ? Are
>> they being created somehow but not by you ?
>>
>> Regarding the resource not found, I think I have fixed this with this PR
>> https://github.com/keycloak/keycloak/pull/3766/. It should be available
>> on 2.5.1.
>>
>> Thanks.
>>
>> On Tue, Jan 24, 2017 at 12:51 AM, Ushanas Shastri <ushanas at gmail.com>
>> wrote:
>>
>>> Hello,
>>>
>>> I've created scope based permissions tied to role based policies. Any
>>> new
>>> permission or policy we create, all looks right, but we find random
>>> instances of policies that deny authorization, and when we want to
>>> investigate, we can't even see the details of the policy. It shows up
>>> in
>>> the list, but clicking on it takes us to a resource nor found page.
>>> Any ideas on what may be happening here?
>>>
>>> Regards, Ushanas.
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>>
>
More information about the keycloak-user
mailing list