[keycloak-user] authorizationSettings not in response
Ori Doolman
Ori.Doolman at cyberark.com
Sun Jun 16 06:39:11 EDT 2019
Pedro,
Please ignore 2nd question. It seems to work well with partial name after all.
So only the first one remains - is that a bug?
Ori.
________________________________
From: keycloak-user-bounces at lists.jboss.org <keycloak-user-bounces at lists.jboss.org> on behalf of Ori Doolman <Ori.Doolman at cyberark.com>
Sent: Sunday, June 16, 2019 1:04 PM
To: Pedro Igor Silva; Rafael Tovar.
Cc: keycloak-user
Subject: Re: [keycloak-user] authorizationSettings not in response
Pedo,
When I call the authz/resource-server/settings endpoint, I get the full list of all entities.
That works great if I later want to update the settings using the /authz/resource-server/import endpoint.
But /settings might become too big and I only want to update my permissions (specific ones, actually).
Hence, I call the /policy endpoint.
But then I get partial entity information for the scope-based permission, not similar to the one I get with /settings. The "config" object data is missing.
1) Is that a bug? You can see below both payloads.
2) Can I filter permissions by name contains "mySubstring" ? Seems that /search does not support that but only exact name match by /search?name="name"
Here is /settings call:
"policies": [
{
"id": "a10db0d8-993a-4f34-9082-350033ed8dff",
"name": "set-03",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "[\"set-01\"]",
"scopes": "[\"read\",\"write\"]",
"applyPolicies": "[\"userPolicy\"]"
}
}
Here is what I get from /policy endpoint:
{
"id": "a10db0d8-993a-4f34-9082-350033ed8dff",
"name": "set-03",
"type": "scope",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {}
}
________________________________
From: keycloak-user-bounces at lists.jboss.org <keycloak-user-bounces at lists.jboss.org> on behalf of Ori Doolman <Ori.Doolman at cyberark.com>
Sent: Thursday, June 6, 2019 4:22 PM
To: Pedro Igor Silva; Rafael Tovar.
Cc: keycloak-user
Subject: Re: [keycloak-user] authorizationSettings not in response
Great. I was looking for that as well. I don't think it is documented.
How do you manipulate the authorization entities by REST API?
For example, add a resource or a scope, modify policy etc.
-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org <keycloak-user-bounces at lists.jboss.org> On Behalf Of Pedro Igor Silva
Sent: Thursday, June 6, 2019 3:43 PM
To: Rafael Tovar. <rafatov10 at gmail.com>
Cc: keycloak-user <keycloak-user at lists.jboss.org>
Subject: Re: [keycloak-user] authorizationSettings not in response
Hi,
Please, append the following path to your URI: "
/authz/resource-server/settings".
Regards.
Pedro Igor
On Thu, Jun 6, 2019 at 8:41 AM Rafael Tovar. <rafatov10 at gmail.com> wrote:
> Hi everybody,
> I'm trying to get the authorization settings of a client, but its not
> coming in the response of the request.
> This is the request im doing:
>
> https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8080_a
> uth_admin_realms_master_clients_c8e32bbc-2D72e6-2D4c30-2D827f-2D41ee51
> 980433_&d=DwICAg&c=E55fojPA83XrPGfndbiaQQ&r=o_QF9VVN9H4LTRTYF8YMPkr6mG
> Z6BOo1SvoOkvu0tBw&m=DLpa-D1y8zX1Cq0Hewm4RRkmQbD8mMhJa1vurH06wdY&s=9-yp
> A5J1MC05KhyJ0Wt2UjBualwKUwejLvPXS4JUB0w&e=
>
> and this is the response:
>
> {
> "id": "c8e32bbc-72e6-4c30-827f-41ee51980433",
> "clientId": "api",
> "surrogateAuthRequired": false,
> "enabled": true,
> "clientAuthenticatorType": "client-secret",
> "redirectUris": [
> "*"
> ],
> "webOrigins": [],
> "notBefore": 0,
> "bearerOnly": false,
> "consentRequired": false,
> "standardFlowEnabled": true,
> "implicitFlowEnabled": false,
> "directAccessGrantsEnabled": true,
> "serviceAccountsEnabled": true,
> "authorizationServicesEnabled": true,
> "publicClient": false,
> "frontchannelLogout": false,
> "protocol": "openid-connect",
> "attributes": {
> "saml.assertion.signature": "false",
> "saml.force.post.binding": "false",
> "saml.multivalued.roles": "false",
> "saml.encrypt": "false",
> "saml.server.signature": "false",
> "saml.server.signature.keyinfo.ext": "false",
> "exclude.session.state.from.auth.response": "false",
> "saml_force_name_id_format": "false",
> "saml.client.signature": "false",
> "tls.client.certificate.bound.access.tokens": "false",
> "saml.authnstatement": "false",
> "display.on.consent.screen": "false",
> "saml.onetimeuse.condition": "false"
> },
> "authenticationFlowBindingOverrides": {},
> "fullScopeAllowed": true,
> "nodeReRegistrationTimeout": -1,
> "protocolMappers": [
> {
> "id": "97330e11-24df-40ce-9335-51d5126d4059",
> "name": "Client Host",
> "protocol": "openid-connect",
> "protocolMapper": "oidc-usersessionmodel-note-mapper",
> "consentRequired": false,
> "config": {
> "user.session.note": "clientHost",
> "id.token.claim": "true",
> "access.token.claim": "true",
> "claim.name": "clientHost",
> "jsonType.label": "String"
> }
> },
> {
> "id": "9e45c71d-63f9-4d15-a3b2-e8064a569041",
> "name": "Client ID",
> "protocol": "openid-connect",
> "protocolMapper": "oidc-usersessionmodel-note-mapper",
> "consentRequired": false,
> "config": {
> "user.session.note": "clientId",
> "id.token.claim": "true",
> "access.token.claim": "true",
> "claim.name": "clientId",
> "jsonType.label": "String"
> }
> },
> {
> "id": "1e3f6604-a22e-4b0b-b5d8-ffaa501c142f",
> "name": "Client IP Address",
> "protocol": "openid-connect",
> "protocolMapper": "oidc-usersessionmodel-note-mapper",
> "consentRequired": false,
> "config": {
> "user.session.note": "clientAddress",
> "id.token.claim": "true",
> "access.token.claim": "true",
> "claim.name": "clientAddress",
> "jsonType.label": "String"
> }
> }
> ],
> "defaultClientScopes": [
> "web-origins",
> "role_list",
> "profile",
> "roles",
> "email"
> ],
> "optionalClientScopes": [
> "address",
> "phone",
> "offline_access",
> "microprofile-jwt"
> ],
> "access": {
> "view": true,
> "configure": true,
> "manage": true
> }
> }
>
> Thanks,
> Rafael.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_m
> ailman_listinfo_keycloak-2Duser&d=DwICAg&c=E55fojPA83XrPGfndbiaQQ&r=o_
> QF9VVN9H4LTRTYF8YMPkr6mGZ6BOo1SvoOkvu0tBw&m=DLpa-D1y8zX1Cq0Hewm4RRkmQb
> D8mMhJa1vurH06wdY&s=ftNZFS0MmIPo6qHQ5UK6NWEyvM23zQzIkjIKnmWtB7I&e=
>
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mailman_listinfo_keycloak-2Duser&d=DwICAg&c=E55fojPA83XrPGfndbiaQQ&r=o_QF9VVN9H4LTRTYF8YMPkr6mGZ6BOo1SvoOkvu0tBw&m=DLpa-D1y8zX1Cq0Hewm4RRkmQbD8mMhJa1vurH06wdY&s=ftNZFS0MmIPo6qHQ5UK6NWEyvM23zQzIkjIKnmWtB7I&e=
----------------------------------------------------------------------
_______________________________________________
This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure.
If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error.
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mailman_listinfo_keycloak-2Duser&d=DwICAg&c=E55fojPA83XrPGfndbiaQQ&r=o_QF9VVN9H4LTRTYF8YMPkr6mGZ6BOo1SvoOkvu0tBw&m=GNLqFGVlYtMr4x2dKmI9lltRxxFRkpiwcUb0dN5_Vk0&s=FSGV9rSoCx_-bnd1ZH59vnrElHr4f4JKrDggC010xRU&e=
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mailman_listinfo_keycloak-2Duser&d=DwICAg&c=E55fojPA83XrPGfndbiaQQ&r=o_QF9VVN9H4LTRTYF8YMPkr6mGZ6BOo1SvoOkvu0tBw&m=CXzfHbu3tS7-M4XAEs32GmtMA2-cJ64WMcFa3AUHirc&s=HQM_ulRNI8muZdVrVM7EIxdi1cuD6Vb3_jF4Z3p4uEg&e=
More information about the keycloak-user
mailing list