[keycloak-user] Access Forbidden

Aaron Echols aechols at bfcsaz.com
Thu Apr 4 19:02:08 EDT 2019


Hello All,

I was running 4.1.0.Final and decided to upgrade this week to 4.8.3.Final.
I'm running into an issue where we set a group up with the `manage-users`
Role Mapping. In 4.1.0.Final, the members of said group were able to log in
and reset passwords for users successfully in the realm they are in.

Now when they attempt to access the Security Admin Console under
Applications in their profile, they get the following message on the user
side:

Forbidden
You don't have access to the requested resource.

All I see in the Events log:

LOGIN
  Client: security-admin-console
  User: <identifier>
  IP Address: <local-ip>
  Details:
    auth_method: openid-connect
    auth_type: code
    response_type: code
    redirect_uri: /auth/admin/realm/console/
    consent: no_consent_required
    code_id: <code-id>
    response_mode: fragment
    username: <username>

CODE_TO_TOKEN
  Client: security-admin-console
  User: <identifier>
  Details:
    token_id: <token-id>
    grant_type: authorization_code
    refresh_token_type: refresh
    scope: openid
    refresh_token_id: <refresh-token-id>
    code_id: <code-id>
    client_auth_method: client-secret

I've verified that they have the proper roles assigned. Why isn't this
working now, and does anyone have any help to be able to troubleshoot?

Thanks in advance for any help or recommendations. :)
--
*Aaron Echols*

