Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-8274

Realm export "uma_protection" role not reproducable

    XMLWordPrintable

    Details

    • Steps to Reproduce:
      Hide

      Create Realm
      Add Client
      Enable Authorization Enabled
      verify Service Account has role "uma_protection" within this Client
      export realm with groups and clients
      delete realm
      import realm from export.json
      verify Service Account misses role "uma_protection" within this Client

      Show
      Create Realm Add Client Enable Authorization Enabled verify Service Account has role "uma_protection" within this Client export realm with groups and clients delete realm import realm from export.json verify Service Account misses role "uma_protection" within this Client
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      If one sets up a Client with "Authorization Enabled" then the Service Account will get the role "uma_protection" assigned[1.png].

      If this Realm gets exported (see the appended export.json) and then imported the service account misses this role within this client[2.png].

      If realm creation is done in dev/test via GUI and deployed in production via realm import this breaks production, if one uses permissions and CIPs, because this role is mandatory.

      Resulting error is:

      Unexpected response from server: 403 / Forbidden / Response from server: {"error":"invalid_scope","error_description":"Requires uma_protection scope."}
      

      Is there any workaround for this issue?

        Gliffy Diagrams

          Attachments

          1. 1.png
            1.png
            102 kB
          2. 2.png
            2.png
            104 kB
          3. realm-export (15).json
            50 kB

            Issue Links

              Activity

                People

                • Assignee:
                  pcraveiro Pedro Igor
                  Reporter:
                  ataraxus Anton G
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: