NodeJS Adapter Authentication seems not working, 403 Access Denied

UPDATE: I even get 403 when there is no role required, so I guess the problem is something else, but still any help is very much appreciated.
Hey guys, new day new problem.
Now below you can see all my configurations, if you ask for something else I will also deliver that.
My problem is, even though I correctly set up my roles (realm roles), I have the correct keycloak config file and correct mapping, I still get access denied (403) on service/admin page and service/secured page. What can I do?
I believe the code is fine as well since it’s more or less the same with keycloak’s nodejs example.
Any help is appreciated.




Any help? What am I doing wrong?

Try setting use-resource-role-mappings to true in your config and see if that helps.
You are authenticated? It’s just a role mapping problem?

Thanks so much for the reply, and no, I have discovered that it is not just a role mapping problem, even when I change keycloak.protect('realm:admin') to keycloak.protect(), it still gives the same error.

What do you mean by “you are authenticated”? If you are asking whether I have logged in, yes I have (as user). Is there something else I should be doing?

Maybe you can take a look at https://github.com/keycloak/keycloak-quickstarts/tree/latest/service-nodejs and follow the steps to set up and configure Keycloak and a client to connect to.

Otherwise create a reproducible example on Github so we can have a closer look.

I have exactly the same app, only changed the port variable so I could deploy it onto IBM Cloud.
Anyway, I set up an access log on the server and saw ERR Could not obtain grant code: Error: self signed certificate error. Then I added process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0; in my code and it seems to be working.
That also needs to be in the documentation, I believe. I have lost so many hours working on this.


The ultimate blame is for applications and examples that promote the use of self-signed certificates. There is no gain in using these. Just take the time to get a proper certificate.

I, too, spent a few hours double-checking my initial express node app for typos and misunderstandings in an attempt to determine why the Keycloak.protected routes all would fail with Access Denied.

It would be helpful if the connection failure due to the client not accepting the self-signed certificate of the server (here Keycloak as the identity and authentication service) was reported in a more evident manner.
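
Added example (not part of the thread and not Keycloak's own code): a startup check that reports the certificate trust failure described in the posts above explicitly, and lets the app trust one CA for the Keycloak connection instead of setting NODE_TLS_REJECT_UNAUTHORIZED to 0 for the whole process. The function names, the `caPem` parameter and the 5-second timeout are assumptions made for this example.

```javascript
// Added example, not from the thread. Node sets these codes on the error
// object when certificate verification fails during the TLS handshake.
const TRUST_ERRORS = {
  DEPTH_ZERO_SELF_SIGNED_CERT: 'server presents a self-signed certificate',
  SELF_SIGNED_CERT_IN_CHAIN: 'chain ends in a root that is not trusted',
  UNABLE_TO_VERIFY_LEAF_SIGNATURE: 'issuing CA is unknown to this process',
  UNABLE_TO_GET_ISSUER_CERT_LOCALLY: 'issuing CA is unknown to this process',
  CERT_HAS_EXPIRED: 'certificate has expired',
  ERR_TLS_CERT_ALTNAME_INVALID: 'certificate does not match the host name',
};

// Turn a request error into an explicit verdict instead of a bare 403.
function classifyTlsError(err) {
  const reason = err && TRUST_ERRORS[err.code];
  if (!reason) {
    return { trustFailure: false, message: String(err && err.message) };
  }
  return {
    trustFailure: true,
    message: `TLS verification failed (${err.code}): ${reason}. ` +
      'Trust the issuing CA via NODE_EXTRA_CA_CERTS or the `ca` option.',
  };
}

// True when certificate verification is switched off for the whole process.
function tlsVerificationDisabled(env = process.env) {
  return String(env.NODE_TLS_REJECT_UNAUTHORIZED) === '0';
}

// Startup probe: connect to the Keycloak base URL (assumed to be https)
// before serving traffic. `caPem` is optional PEM text of the CA to trust
// for this one connection only (hypothetical parameter name).
async function probeKeycloakTls(baseUrl, caPem) {
  const https = await import('node:https'); // works in CommonJS and ES modules
  return new Promise((resolve) => {
    const req = https.request(
      baseUrl,
      { method: 'HEAD', ca: caPem, timeout: 5000 },
      (res) => { res.resume(); resolve({ ok: true, status: res.statusCode }); },
    );
    req.on('timeout', () => req.destroy(new Error('timed out')));
    req.on('error', (err) => resolve({ ok: false, ...classifyTlsError(err) }));
    req.end();
  });
}
```

Calling `probeKeycloakTls` with the realm's base URL at startup and logging a failed result puts the certificate problem in the application log before any protected route returns Access Denied.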