Reputation: 864
I would like to configure Authorization within Keycloak. Right now I have Keycloak working with Kong and the OIDC plugin.
It works well without authorization, i.e., my page is accessible only to logged-in users. But I could not configure authorization to control who can access the web page.
In order to test with the least configuration possible, I enabled authorization for my client in Keycloak, set the policy enforcement mode to "Enforcing" and deleted every authorization resource, policy and permission.
As stated by the documentation, it should not allow anything. I also tried to evaluate my test user, and he does not have the right to access anything.
However, after login I'm redirected to my 'protected' page. Am I missing something?
Upvotes: 0
Views: 442
Reputation: 10136
Kong's OIDC plugin implements the OpenID Connect spec only; it does not work with UMA authorization. Actually it is a huge topic and I suggest you read the Authorization Services article of the Keycloak documentation first.
Upvotes: 1
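To make the distinction in the answer concrete: the OIDC login that Kong validates says nothing about Keycloak's authorization policies. A resource server (or a custom gateway plugin) has to ask the realm's token endpoint for an RPT with the UMA ticket grant and then inspect the `authorization.permissions` claim of that RPT. The following is an added example, not code from the question, the answer, Kong or Keycloak; the host, realm, client and resource names are assumptions, the sample tokens are constructed and unsigned, and the decoder deliberately does no signature verification (use the realm's JWKS for that before trusting any claim).

```python
"""Requesting and checking a Keycloak Authorization Services decision.

Added example (not from the original post). Host, realm, client and resource
names are assumptions; the tokens at the bottom are constructed for the demo.
"""
import base64
import json
from typing import Optional
from urllib.parse import urlencode

KEYCLOAK_BASE = "https://keycloak.example.com"  # assumed host
REALM = "demo"                                    # assumed realm
CLIENT_ID = "kong-app"                            # assumed client with Authorization enabled


def token_endpoint(base: str = KEYCLOAK_BASE, realm: str = REALM) -> str:
    """The UMA grant is requested at the same endpoint that issues OIDC tokens."""
    return f"{base}/realms/{realm}/protocol/openid-connect/token"


def build_uma_request(resource: str, scope: Optional[str] = None,
                      decision_only: bool = False) -> dict:
    """Form fields for the UMA ticket grant (Keycloak's documented grant type).

    Send them as application/x-www-form-urlencoded with the user's OIDC access
    token in an `Authorization: Bearer` header. With decision_only, Keycloak
    answers {"result": true} or HTTP 403 instead of issuing an RPT.
    """
    form = {
        "grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
        "audience": CLIENT_ID,
        "permission": f"{resource}#{scope}" if scope else resource,
    }
    if decision_only:
        form["response_mode"] = "decision"
    return form


def uma_request_body(resource: str, scope: Optional[str] = None,
                     decision_only: bool = False) -> str:
    """URL-encoded body ready to POST to token_endpoint()."""
    return urlencode(build_uma_request(resource, scope, decision_only))


def decode_claims(jwt: str) -> dict:
    """Return the payload of a compact JWT WITHOUT verifying the signature.

    Only for inspecting a token whose signature you have already verified.
    """
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def has_permission(claims: dict, resource: str, scope: Optional[str] = None) -> bool:
    """True if an RPT grants `resource` (and `scope`, if given).

    A plain OIDC access token carries no `authorization` claim, so it is denied:
    being logged in is not the same as being authorized.
    """
    for perm in claims.get("authorization", {}).get("permissions", []):
        if perm.get("rsname") != resource:
            continue
        if scope is None or scope in perm.get("scopes", []):
            return True
    return False


def _unsigned_jwt(payload: dict) -> str:
    """Constructed demo token (alg=none, empty signature); never accept one for real."""
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(payload)}."


# Constructed sample tokens, not real Keycloak output.
OIDC_ACCESS_TOKEN = _unsigned_jwt(
    {"sub": "user-1", "aud": CLIENT_ID, "preferred_username": "alice"})
RPT = _unsigned_jwt({
    "sub": "user-1",
    "aud": CLIENT_ID,
    "authorization": {"permissions": [
        {"rsid": "resource-id-0001", "rsname": "Protected Page", "scopes": ["view"]},
    ]},
})


def demo() -> dict:
    """Decisions a resource server would reach for each token."""
    return {
        "oidc_token_view": has_permission(decode_claims(OIDC_ACCESS_TOKEN), "Protected Page", "view"),
        "rpt_view": has_permission(decode_claims(RPT), "Protected Page", "view"),
        "rpt_edit": has_permission(decode_claims(RPT), "Protected Page", "edit"),
    }


if __name__ == "__main__":
    print("POST", token_endpoint())
    print(uma_request_body("Protected Page", "view", decision_only=True))
    print(demo())
```

The point of the demo is the first entry: the OIDC access token Kong accepts is denied, because it carries no permissions claim at all. With every resource, policy and permission deleted, Keycloak would also refuse to issue the RPT, but only to a component that actually asks for one.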