I configured Keycloak (quay.io/keycloak/keycloak:24.0.2) with two clients:
- store-700
- my-resource-server
I also set my-resource-server as a resource server and configured it like this:
- created a scope named upload
- created a resource named transaction (with scope: upload)
- created a policy named ‘store-clients’ of type Client Policy (allowing client ID store-700)
- created a permission named ‘permission-700’ which allows access to transaction:upload

This is my overall configuration:
```json
{
  "allowRemoteResourceManagement": true,
  "policyEnforcementMode": "ENFORCING",
  "resources": [
    {
      "name": "transaction",
      "ownerManagedAccess": false,
      "displayName": "",
      "attributes": {},
      "_id": "e61bc461-85d4-4390-af7b-d594c5f4c6d7",
      "uris": [],
      "scopes": [
        {
          "name": "upload"
        }
      ],
      "icon_uri": ""
    }
  ],
  "policies": [
    {
      "id": "c2fec000-591d-41e2-94e7-6062bca6ca5b",
      "name": "store-clients",
      "description": "",
      "type": "client",
      "logic": "POSITIVE",
      "decisionStrategy": "UNANIMOUS",
      "config": {
        "clients": "[\"store-700\"]"
      }
    },
    {
      "id": "82cdb7dd-a70b-4272-abbd-f9d941fbdd27",
      "name": "permission-700",
      "description": "",
      "type": "scope",
      "logic": "POSITIVE",
      "decisionStrategy": "UNANIMOUS",
      "config": {
        "resources": "[\"transaction\"]",
        "scopes": "[\"upload\"]",
        "applyPolicies": "[\"store-clients\"]"
      }
    }
  ],
  "scopes": [
    {
      "id": "9b14076d-17a9-42a8-a8ac-a0c98dc253ca",
      "name": "upload",
      "iconUri": ""
    }
  ],
  "decisionStrategy": "UNANIMOUS"
}
```
When I try to evaluate this in the Evaluate tab, I get Deny:
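
Added example, not part of the original post and not Keycloak code: a static cross-reference of an authorization export like the one above, decoding the string-encoded `config` arrays and listing which client IDs each scope permission ties to which `resource#scope`. It only resolves names inside the export and does not reproduce Keycloak's runtime evaluation; `audit` and `decode` are hypothetical helper names.

```python
import json

# Constructed sample: trimmed copy of the export in the post (ids, empty fields dropped).
EXPORT = r'''
{"resources": [{"name": "transaction", "scopes": [{"name": "upload"}]}],
 "scopes": [{"name": "upload"}],
 "policies": [
  {"name": "store-clients", "type": "client", "logic": "POSITIVE",
   "config": {"clients": "[\"store-700\"]"}},
  {"name": "permission-700", "type": "scope", "logic": "POSITIVE",
   "config": {"resources": "[\"transaction\"]", "scopes": "[\"upload\"]",
              "applyPolicies": "[\"store-clients\"]"}}]}
'''

def decode(config, key):
    """Config values in the export are JSON arrays serialized as strings."""
    return json.loads(config.get(key, "[]"))

def audit(export):
    """Hypothetical helper: cross-reference scope permissions; return (grants, problems)."""
    resources = {r["name"]: {s["name"] for s in r.get("scopes", [])}
                 for r in export.get("resources", [])}
    policies = {p["name"]: p for p in export.get("policies", [])}
    grants, problems = [], []
    for perm in (p for p in policies.values() if p["type"] == "scope"):
        cfg, name = perm.get("config", {}), perm["name"]
        clients = []  # client IDs named by the positive client policies applied here
        for pol in decode(cfg, "applyPolicies"):
            p = policies.get(pol)
            if p is None:
                problems.append(f"{name}: unknown policy {pol}")
            elif p["type"] == "client" and p.get("logic") == "POSITIVE":
                clients += decode(p.get("config", {}), "clients")
        for res in decode(cfg, "resources"):
            if res not in resources:
                problems.append(f"{name}: unknown resource {res}")
                continue
            for sc in decode(cfg, "scopes"):
                if sc not in resources[res]:
                    problems.append(f"{name}: {sc} is not a scope of {res}")
                else:
                    grants += [(c, f"{res}#{sc}", name) for c in clients]
    return grants, problems

if __name__ == "__main__":
    print(audit(json.loads(EXPORT)))
```

An empty `problems` list means every name in the export resolves, so any difference between the listed grants and an Evaluate result comes from the evaluation request rather than from a dangling reference.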