Reputation: 864
Authorization on Keycloak
I would like to configure Authorization within Keycloak. Right now I have Keycloak working with Kong and OIDC plugin.
It works well without authorization, i.e., my page is accessible only to logged users. But I could not configure authorization to control who can access the web page.
In order to test with the less configuration possible, I enabled authorization for my Client in Keycloak, set the policy enforcement mode to "Enforcing" and deleted every authorization resources, policies and permissions.
As stated by the documentation, it should not allow anything. I tried also to evaluate my test user, and he does not have right to access anything.
However, after login I'm redirected to my 'protected' page. Am I missing something ?
Upvotes: 0
Views: 444
Answers (1)
Reputation: 10136
Kong's OIDC plugin implements OpenId Connect spec only, it does not work with UMA authorization. Actually it is a hude topic and I suggest you to read Authorization Services article of Keycloak documentation first.
Upvotes: 1
Related Questions
- Keycloak impersonation only for certain users
- Get login credentials from Keycloak accessToken
- How to implement authorization using Keycloak
- google authentication with keycloak
- Keycloak access impersonate API
- Keycloak user management
- Keycloak token generation not working- Unauthorized credentials
- Keycloak authorization process after access token
- Setting up Keycloak for authentication
- Keycloak authorization