This tag applices to questions related to Keycloak Authorization Services, the fine-grained authorization policies provided by the platform
Questions tagged [keycloak-authorization-services]
15 questions
4
votes
0 answers
Request Body removed after Keycloak's Policy Enforcer Evaluation
I am trying to get familiar with the Authorization Services concepts from Keycloak by playing around with the app-authz-rest-springboot from Keycloak-Quickstarts.
I run a keycloak-server and the app-authz-rest-springboot locally, following the…
kbodurri
- 41
- 1
1
vote
1 answer
How to enable users to delete their own Keycloak account using API?
I have an Express.js CRUD application and I use Keycloak 18.0.2 for identity management. Keycloak handles Google and Facebook Single Sign-On (SSO) for my application, and all authentications are managed through Keycloak. Currently, users are…
suplesh
- 11
- 2
1
vote
1 answer
what is the alternative for deprecated method org.keycloak.TokenVerifier.realmUrl()
I am trying to verify the AccessToken using below code -
TokenVerifier verifier = TokenVerifier.create(StringAccessToken, AccessToken.class).withDefaultChecks();
PublicKey publicKey = getRealmPublicKey(verifier.getHeader());
return…
Ganesh Dhongade
- 21
- 5
1
vote
1 answer
How can we assign a permission to all users in Keycloak Authorization Services policies?
I would like to create a all users policy in Keycloak:
How can I specify that this policy is for all users?
Using '*' didn't work.
codependent
- 23,193
- 31
- 166
- 308
0
votes
1 answer
Guidance about when to use UMA in Keycloak
I started using Keycloak and stumbled upon User-Managed Access (UMA) when trying to implement fine-grained access control. As far as I understand, UMA is an extension of OAuth2 that provides an authorization layer. However, I'm struggling to grasp…
nailer_boxer
- 202
- 3
- 10
0
votes
0 answers
Keycloak(20.0) Authorization - Update your own profile
I am using a keycloak version 20.0.1. I have given my user the realm-admin and manage-users roles, but I can't update my own profile (for example changing my name). When I sent a request I got an error - 403 Forbidden.
I sent a PUT request with a…
Spongi
- 501
- 3
- 10
- 19
0
votes
0 answers
Why keycloak public client doesn't have Authorization
I am not able to understand why public client doesn't have Authorization feature. How to achieve Authorization in frontend then?
One approach I understood is create two client one for frontend and one for resource server which is confidential…
Anurag
- 1,013
- 11
- 30
0
votes
0 answers
Springboot app protected by keycloak return 403 after deploying in kubernates
I deploped the springboot app protected by Keycloak and it's working fine in localhost,but not working after deploying in kubernates, all the api return 403.
And the user has the resource permission when i use envaluate function in keycloak admin…
guorui
- 1
0
votes
0 answers
Keycloak -18.0.1 issue with authorization and multiple polices/permissions
we are getting issue with multiple policies/permission.
Policy A - user A with scope A,B,C works fine.
Policy B - user B with scope B,C,D gives 403.
Policy C - user C with scope C,D,E gives 403.
If User B is added to Policy A it works fine and…
Gagan Noor Singh
- 21
- 8
0
votes
1 answer
Keycloak authorization policy evaluation with spring cloud gateway
I am trying to use keycloak for authorization in spring cloud gateway. Keycloak does not provide any spring based adapters for policy enforcement for reactive stack.However, it does provide an endpoint for policy…
Pankaj Chauhan
- 33
- 6
0
votes
0 answers
Keycloak Javascript Policy based on resource info of realm
I was searching through the supported policy types of keycloak, and saw that it offers some predefined choices regarding:
Regex
Role
Client
User
...
Js
The most flexible one, seems to be Js after the drop of support on rule based policies.
So my…
ichantz
- 298
- 3
- 11
0
votes
0 answers
Keycloak: Access Denied when adding claims (permission.addClaim) to RPT token
My Spring Boot Application with policy enforcer works fine. But when I add via my SPI some custom claims to the authorization->permission part of the RPT token then I am always getting: Policy enforcement result for path…
Ertu
- 1
- 1
0
votes
1 answer
Keycloak, java plugin, auth user custom connected to third party
I have a need to make "hacky" oauth flow. I mean add ability for users, to login to my system using credentials from other, which does not have oidc unfortunately and wont have for many months.
I would like to have this option, to enter this other…
FrancMo
- 2,459
- 2
- 19
- 39
0
votes
0 answers
What is the proper way to register policy-enforcer configuration in ktor
In spring boot, adding keycloak adaptor and "keycloak.policy-enforcer-config.claimInformationPointConfig.claims[claim-from-uri]={ request.uri }" to application.properties
file, I am able to receive "claim-from-uri" in keycloak javascript policy. But…
na55r
- 1
- 1
0
votes
0 answers
Invalid Resource or Resource[id] does not exist keycloak
I have deleted one resource, policy, and permission from keycloak because its a replica of another resource with a different name but now for that URL keycloak gets deleted resource and trying to find out deleted resource rather than existing one…
Jahnavi
- 53
- 6