[keycloak-user] REST API client allowRemoteResourceManagement
Sven Thoms
sven.thoms at gmail.com
Thu Mar 9 06:55:29 EST 2017
curl -X POST \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "client_id=admin-cli&username=admin&password=xxx&grant_type=password" \
  https://keycloak.fin.uniquedomain/auth/realms/master/protocol/openid-connect/token | jq
I am using the access_token as bearer token in the ADMIN REST interface:
curl -v -X POST \
  -H "Content-Type:application/json" \
  -H 'Authorization: bearer xxxxx' \
  -d '{
    "clientId": "test_client",
    "name": "test_client",
    "rootUrl": "",
    "adminUrl": "",
    "surrogateAuthRequired": false,
    "enabled": true,
    "clientAuthenticatorType": "client-secret",
    "redirectUris": [
      "/*"
    ],
    "webOrigins": [
      "/*"
    ],
    "notBefore": 0,
    "bearerOnly": false,
    "consentRequired": false,
    "standardFlowEnabled": true,
    "implicitFlowEnabled": false,
    "directAccessGrantsEnabled": true,
    "serviceAccountsEnabled": true,
    "authorizationServicesEnabled": true,
    "publicClient": false,
    "frontchannelLogout": false,
    "protocol": "openid-connect",
    "fullScopeAllowed": true,
    "authorizationSettings": {
      "allowRemoteResourceManagement": true,
      "policyEnforcementMode": "ENFORCING",
      "resources": [
        {
          "name": "Default Resource",
          "uri": "/*",
          "type": "urn:test_client:resources:default",
          "typedScopes": []
        }
      ],
      "policies": [
        {
          "name": "Default Policy",
          "description": "A policy that grants access only for users within this realm",
          "type": "js",
          "logic": "POSITIVE",
          "decisionStrategy": "AFFIRMATIVE",
          "config": {
            "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
          }
        },
        {
          "name": "Default Permission",
          "description": "A permission that applies to the default resource type",
          "type": "resource",
          "logic": "POSITIVE",
          "decisionStrategy": "UNANIMOUS",
          "config": {
            "defaultResourceType": "urn:test_client:resources:default",
            "default": "true",
            "applyPolicies": "[\"Default Policy\"]"
          }
        }
      ],
      "scopes": []
    }
  }' \
  https://keycloak.fin.uniquedomain/auth/admin/realms/myrealm/clients
The client is added correctly, and it is now a resource with the authZ
resources and permissions, but under Authorization - Settings, Remote
Resource Management is still off.
On 09.03.2017 at 12:49 PM, "Pedro Igor Silva" <psilva at redhat.com> wrote:
> What are you using to call the API ?
>
> On Thu, Mar 9, 2017 at 7:17 AM, Sven Thoms <sven.thoms at gmail.com> wrote:
>
>> Both on the POST and PUT for client, with authorizationServicesEnabled set
>> to true, I cannot set
>>
>> allowRemoteResourceManagement
>>
>> to true. It is as if the Admin REST interface just ignores that setting.
>>
>> Can anyone confirm and possibly explain, please?