I am trying to create a client policy for performing token exchange in v21.1.1, but I am unable to do so.
The create method always throws a 404 Not Found exception. I am unable to access any of the entities in the Authorization tab of the realm-management client.
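/**
 * Creates a client-type authorization policy named {@code <tenant>-policy} that binds the
 * platform application's Keycloak-generated internal client id. The policy is meant to be
 * attached later to a token-exchange permission, so the set of bound clients is exactly the
 * set that will be allowed to exchange tokens.
 *
 * @param clients       the realm's client collection, used to resolve the platform app
 * @param authorization the authorization sub-resource the policy is created under
 * @param tenant        the tenant whose name prefixes the policy name and description
 * @return {@code true} if the server answered 201 Created; {@code false} on any other
 *         status, or when no platform client could be resolved (no policy is created then)
 */
public boolean createPolicy(ClientsResource clients, AuthorizationResource authorization, Tenant tenant) {
    final String policyName = tenant.getTenantName() + "-policy";

    // Resolve the platform application's internal id first: a "client" policy whose
    // "clients" entry is empty would bind nobody and is a misconfiguration, not a policy.
    String platformAppInternalId = findPlatformAppInternalId(clients);
    if (platformAppInternalId == null) {
        return false;
    }

    PolicyRepresentation policyRepresentation = new PolicyRepresentation();
    policyRepresentation.setName(policyName);
    policyRepresentation.setDescription(policyName);
    policyRepresentation.setType("client");
    policyRepresentation.setLogic(Logic.POSITIVE);
    policyRepresentation.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
    // NOTE(review): the server normally assigns policy ids itself; this client-chosen value is
    // presumably ignored or rejected — confirm against the admin API before relying on it.
    policyRepresentation.setId(policyName);

    // For a "client" policy the bound client ids travel in the config under the "clients" key.
    Map<String, String> config = new HashMap<>();
    config.put("clients", platformAppInternalId);
    policyRepresentation.setConfig(config);

    // The JAX-RS Response holds a connection until closed; try-with-resources releases it on
    // every path instead of leaking it as the original did.
    try (Response response = authorization.policies().create(policyRepresentation)) {
        // NOTE(review): a 404 here means the server has no resource server behind
        // `authorization` (policies cannot be created on it) — verify the target client
        // actually exposes authorization services before debugging the payload.
        return response.getStatus() == 201;
    }
}

/**
 * Returns the internal id of the first client whose display name equals
 * {@code IAMConstants.IAM_APP}, or {@code null} when none matches.
 *
 * <p>{@code query(...)} searches by clientId while the comparison below is on the display
 * name — TODO confirm which field {@code IAM_APP} is intended to match.
 */
private static String findPlatformAppInternalId(ClientsResource clients) {
    List<ClientRepresentation> platformApps = clients.query(IAMConstants.IAM_APP);
    if (platformApps == null) {
        return null;
    }
    for (ClientRepresentation cr : platformApps) {
        // Constant on the left: a client without a display name must not throw an NPE.
        if (IAMConstants.IAM_APP.equals(cr.getName())) {
            return cr.getId();
        }
    }
    return null;
}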
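/**
 * Attaches the tenant's {@code <tenant>-policy} to the target application's token-exchange
 * permission in the realm-management resource server, then pushes the resulting authorization
 * settings to the target client.
 *
 * <p>Two identifiers are in play and must not be mixed up: the human-chosen {@code clientId}
 * (what {@code findByClientId(...)} and {@code appDto.getApplicationId()} carry) and the
 * Keycloak-generated internal id returned by {@code getId()}, which is what
 * {@code ClientsResource.get(...)} and the {@code client.resource.<id>} resource name expect.
 * Passing the clientId where the internal id is required yields a 404 from the server.
 *
 * @param realmResource        the realm the clients live in
 * @param clients              the realm's client collection
 * @param tenant               tenant whose policy is looked up and whose realm is updated
 * @param clientRepresentation representation of the target client; its authorization
 *                             settings are replaced in place before the update call
 * @param appDto               carries the target application's clientId
 * @throws IllegalStateException if no client with the target clientId exists
 */
public void updatePermission(RealmResource realmResource, ClientsResource clients, Tenant tenant, ClientRepresentation clientRepresentation, ApplicationDto appDto) {
    AuthorizationResource authorization = getClient(realmResource, REALM_MANAGEMENT_CLIENT).authorization();

    // Internal (server-generated) id of the target client, resolved from its clientId.
    String targetAppInternalId = internalIdOf(clients, appDto.getApplicationId());
    ClientResource targetAppResources = clients.get(targetAppInternalId);

    // Enable fine-grained admin permissions on the target client.
    // NOTE(review): setEnabled on the fetched reference only mutates the local object; confirm
    // the admin client offers a setter on ClientResource to persist it, otherwise this step
    // has no server-side effect.
    ManagementPermissionReference permissions = targetAppResources.getPermissions();
    permissions.setEnabled(true);

    // Keycloak-generated token-exchange scope in the realm-management resource server.
    ScopeRepresentation scopeRepresentation = authorization.scopes().findByName(TOKEN_EXCHANGE);
    List<ScopeRepresentation> scopeRepresentations = new ArrayList<>();
    scopeRepresentations.add(scopeRepresentation);

    // Keycloak names the per-client resource "client.resource.<internal id>". The original
    // spelled it "resoruce", which can never match and silently attached no resource.
    List<ResourceRepresentation> resourcesList =
            authorization.resources().findByName("client.resource." + targetAppInternalId);

    // Only the tenant's own policy is attached; a missing policy leaves the list empty.
    List<PolicyRepresentation> policyRepresentations = new ArrayList<>();
    PolicyRepresentation mypolicy = authorization.policies().findByName(tenant.getTenantName() + "-policy");
    if (mypolicy != null) {
        policyRepresentations.add(mypolicy);
    }

    ResourceServerRepresentation resourceServerRepresentation = new ResourceServerRepresentation();
    // TODO confirm whether the resource server expects the clientId or the internal id here.
    resourceServerRepresentation.setClientId(appDto.getApplicationId());
    resourceServerRepresentation.setScopes(scopeRepresentations);
    resourceServerRepresentation.setResources(resourcesList);
    resourceServerRepresentation.setPolicies(policyRepresentations);
    resourceServerRepresentation.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
    clientRepresentation.setAuthorizationSettings(resourceServerRepresentation);

    // clients().get(...) takes the internal id, not the clientId (cf. clients.get(...) above);
    // assumes tenant.getTenantName() names the same realm `clients` was obtained from — confirm.
    keyCloakClient.getKeyCloak(idpConfig)
            .realm(tenant.getTenantName())
            .clients()
            .get(targetAppInternalId)
            .update(clientRepresentation);
}

/**
 * Resolves a client's Keycloak-generated internal id from its clientId.
 *
 * @throws IllegalStateException if the lookup returns no client, instead of the
 *         IndexOutOfBoundsException an unguarded {@code get(0)} would raise
 */
private static String internalIdOf(ClientsResource clients, String clientId) {
    List<ClientRepresentation> found = clients.findByClientId(clientId);
    if (found == null || found.isEmpty()) {
        throw new IllegalStateException("No client found with clientId " + clientId);
    }
    return found.get(0).getId();
}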
Any help would be appreciated.