[KEYCLOAK-5927] The domain-extension example is not working - Red Hat Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Won't Fix
Affects Version/s: 3.2.0.Final, 3.3.0.Final, 3.4.0.Final
Fix Version/s: None
Component/s: None
Labels:
None

Docs QE Status:
NEW
QE Status:
NEW

Description

In Keycloak >= 3.2.0, the admin role is no longer mapped in the scope of the admin-cli client by default. That leads to absence of the realm_access field in the access token, which, in turn, breaks domain-extension example.

There could be the following solutions:

restore pre-3.2.0 behavior for the admin role and admin-cli scope;
document the necessity to map the role manually in the readme for domain-extension;
rewrite domain-extension's authorization code to use o.k.services.resources.admin.AdminAuth.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Dmitry Telegin

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2017/11/28 10:59 AM

Updated:: 2019/01/15 4:14 AM

Resolved:: 2018/10/18 2:27 AM