boycod3

Reputation: 5317

Keycloak Spring Boot configuration for client roles

I have a Spring Boot enabled REST API configured with Keycloak.

keycloak.realm = demo
keycloak.realmKey = yfdsfdiufuydhf
keycloak.auth-server-url = http://localhost:8080/auth
keycloak.ssl-required = external
keycloak.resource = lib-backend
keycloak.bearer-only = true
keycloak.credentials.secret = a9fa2e60-324b-4508-b33d-84be2a981da3
# Keycloak Enable CORS
keycloak.cors = true

keycloak.securityConstraints[0].securityCollections[0].name = spring secured api
keycloak.securityConstraints[0].securityCollections[0].authRoles[0] = lib_sadmin

The above code will return the API to the client without any issue. But when I remove the realm role and enable the client role, it gives a 403 Forbidden error.

Upvotes: 14

Views: 13331

Answers (2)

JoeX

Reputation: 1

keycloak.use-resource-role-mappings=true does not work, as it returns 403. If the @RolesAllowed is set to the realm role and keycloak.use-resource-role-mappings=false, it is able to see the roles and works as expected. This is the link to the change request that is not resolved yet: https://issues.redhat.com/browse/KEYCLOAK-8376

Upvotes: 0

Gex

Reputation: 2202

If you want to operate with the client roles, you should add this to your configuration:

keycloak.use-resource-role-mappings=true

See the documentation.

Upvotes: 38
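
To diagnose the 403 discussed in this thread, it helps to see which claim of the access token is consulted under each setting: Keycloak puts realm roles in realm_access.roles and client roles in resource_access.<client id>.roles. The script below is an added example, not part of the question or the answers and not the adapter's own code; it models that lookup on a constructed, unsigned sample token and decodes the payload for inspection only, without verifying the signature.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_payload(token: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def effective_roles(claims: dict, resource: str, use_resource_role_mappings: bool) -> set:
    """Roles visible for `resource` (the keycloak.resource value) under the given setting."""
    if use_resource_role_mappings:
        # Client roles: resource_access.<client id>.roles
        return set(claims.get("resource_access", {}).get(resource, {}).get("roles", []))
    # Realm roles: realm_access.roles
    return set(claims.get("realm_access", {}).get("roles", []))

def is_allowed(token: str, resource: str, required_role: str,
               use_resource_role_mappings: bool) -> bool:
    claims = decode_payload(token)
    return required_role in effective_roles(claims, resource, use_resource_role_mappings)

# Constructed sample claims: lib_sadmin exists only as a client role of lib-backend.
SAMPLE_CLAIMS = {
    "realm_access": {"roles": ["offline_access"]},
    "resource_access": {
        "lib-backend": {"roles": ["lib_sadmin"]},
        "account": {"roles": ["view-profile"]},
    },
}
# Constructed token; the third segment is a placeholder, not a real signature.
SAMPLE_TOKEN = ".".join([
    b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    b64url(json.dumps(SAMPLE_CLAIMS).encode()),
    "unsigned-sample",
])

if __name__ == "__main__":
    for flag in (False, True):
        ok = is_allowed(SAMPLE_TOKEN, "lib-backend", "lib_sadmin", flag)
        print(f"use-resource-role-mappings={flag}: {'allowed' if ok else '403'}")
```

If the role is missing from resource_access under the exact client id configured in keycloak.resource, the request is still rejected even with the setting enabled.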
