Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-9628

[GSS](7.3.0) Keycloak adapter for Elytron not propagating roles to local EJB

    Details

    • Steps to Reproduce:
      Hide

      We made the simple demo which you can follow (please read Installation instructions on GitHub)
      Following these steps you should get the same error
      demo

      Show
      We made the simple demo which you can follow (please read Installation instructions on GitHub) Following these steps you should get the same error demo
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      We have a strange issue with the Keycloak and the Wildfly Elytron using Wildfly
      15.0.0. After following installation instructions from this site section "2.1.2. JBoss EAP/WildFly Adapter" we always get exception when we send request to our endpoint:

      Caused by: javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public java.lang.String at.itbh.jira.DemoBean.echo(java.lang.String) of bean: DemoBean is not allowed

      In our access token we have all necessary roles which are then applied on
      endpoint in @RolesAllowed("rest"). Also not working when we use
      @SecurityDomain("keycloak") with EJB.

      Everything is working correctly with legacy Keycloack adapter.

      We also asked for help on the Keycloak user mailing list here and they redirect us to JIRA.

      Thanks for help!

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  pcraveiro Pedro Igor Silva
                  Reporter:
                  mzahradnik Milan Zahradnik
                • Votes:
                  1 Vote for this issue
                  Watchers:
                  7 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: