Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-4983

Authz settings export of role base policy generates json where are just role-names

    Details

    • Steps to Reproduce:
      Hide
      • create several clients
      • each client should have a role with given name.
      • create role-based policy and assign roles from different clients but with the same role names
      • export authz settings
      • see the result
      Show
      create several clients each client should have a role with given name. create role-based policy and assign roles from different clients but with the same role names export authz settings see the result
    • Docs QE Status:
      NEW
    • QE Status:
      VERIFIED

      Description

      When you export authz settings with role-based policy in generated json there is

      {
          "name": "ROLE_BASED_POLICY",
          "type": "role",
          "logic": "POSITIVE",
          "decisionStrategy": "UNANIMOUS",
          "config": {
              "roles": "[{\"id\":\"$ROLE_NAME1\",\"required\":false},{\"id\":\"$ROLE_NAME2\",\"required\":false}]"
          }
      }
      

      But it is possible to have multiple clients with assigned roles which can have same name. In a such case keycloak is not able recognize that there should be two different roles and the result can be that one role is assigned twice.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                pcraveiro Pedro Igor
                Reporter:
                vramik Vlastislav Ramik
                Tester:
                Vlastislav Ramik
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: