[keycloak-user] Authorization Evaluation tool and how to merge PR in lower branch
Stian Thorgersen
sthorger at redhat.com
Wed May 10 07:57:04 EDT 2017
We no longer maintain Keycloak 2.x in community. Please switch to the
latest Keycloak release. Alternatively, you can look at using Red Hat
Single Sign-On [1] which is our supported option.
[1] https://access.redhat.com/products/red-hat-single-sign-on
On 10 May 2017 at 13:36, Teodor Haret <haret.spiru.teodor at gmail.com> wrote:
> Hello !
> First of all, congratulations on a nice product and keep up the good work !
>
> We are using KC v2.5.5.Final and we encountered an issue with Evaluation
> tool on RBAC, which seems to have been already fixed in latest version - I
> tested on master branch. At a first look, the issue seems to have been
> already fixed under KEYCLOAK-4652.
>
> Our issue in few details is:
> - if we evaluate against a user which was granted a given realm role
> (ROLE1) directly, the result is 'Permit'; this is expected behavior.
> - if we evaluate against another user which inherits the same realm role
> (ROLE1) indirectly - due to belonging to a group, the evaluation result is
> 'Deny'.
>
> I would need your advise on:
> - supposing 'KEYCLOAK-4652' is the one that fixes also my issue, what would
> the procedure to ask for this fix to be merged down to 2.5.5.Final as well
> ?
> - generically speaking, is there any scenario where I should open a
> separate issue on 2.5.5.Final ( eg. cases where fix from 'KEYCLOAK-4652' is
> generic/complex and we want only a sub-part of it, etc) ?
>
>
> Thank you,
> Teo
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list