KeyCloak directs to 403 forbidden page after authenticated #2

Closed
chamithchathuka opened this issue Jun 25, 2017 · 5 comments

@chamithchathuka

When I logged into the client app using the created user account with correct credentials, KeyCloak allows me to log in, but the application directs me to the access forbidden 403 page. stackoverflow.com/questions/44739006/spring-boot-keycloak-directed-to-403-forbidden I think there is an issue with Spring Boot project as KeyCloak

I am new to Keycloak, and I am using the official tutorial project at https://github.com/sebastienblanc/spring-boot-keycloak-tutorial for integrating with a Spring Boot application. I have set up the KeyCloak server successfully, and the Spring Boot application also directs to the client application I have created in the realm I have created on KeyCloak. After providing the correct credentials, it directs to the forbidden page.

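```java
import java.util.Arrays;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
class ProductController {

    // Covered by the /products/* security constraint in application.properties
    @GetMapping(path = "/products")
    public String getProducts(Model model) {
        model.addAttribute("products", Arrays.asList("iPad", "iPhone", "iPod"));
        return "products";
    }

    // Ends the servlet session for the logged-in user
    @GetMapping(path = "/logout")
    public String logout(HttpServletRequest request) throws ServletException {
        request.logout();
        return "/";
    }
}
```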

Application.properties file

```properties
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.realm=springdemo
keycloak.resource=product-app
keycloak.public-client=true

keycloak.security-constraints[0].authRoles[0]=testuser
keycloak.security-constraints[0].securityCollections[0].patterns[0]=/products/*

server.port=8081
```

I am not getting any error message from the KeyCloak console or the Spring embedded Tomcat console.

Check the Tomcat console here - no error

Thank you.

@chamithchathuka

Issue resolved, the problem was with the user role and user

@vivek82

vivek82 commented Nov 5, 2019

@chamithchathuka
I am also getting the same issue. What changes did you make to the user role and user? In my case I have created the user at realm level and created the user role at realm level. Later I did role mapping for the user and assigned him the user role. When I try to access the endpoint, I get the Keycloak popup for login. After entering the correct login credentials, I get a 403 error. I have used the same example as yours.

@tw2as

tw2as commented Jan 30, 2020

@vivek82 in order to log in to http://[host]:[port]/auth/admin/[your-realm]/console you may need some additional roles, e.g. view-realm
https://lists.jboss.org/pipermail/keycloak-user/2018-December/016806.html

@sanjay-amoment4u

@chamithchathuka, could you please elaborate on the steps / instructions to add the view-realm role?
Actually, I tried to add this role but I still get the same issue when I run my application.
Also, when I try to click the Base URL - http://[host]:[port]/auth/admin/[your-realm]/console under MyRealm >> Clients, I am redirected to a forbidden page in the Keycloak console itself.
I am kind of stuck at this point, any help is much appreciated.
Thanks in advance.

@hexadefence

The user's roles should be added to the access token (generated by Keycloak after successful authentication) as well.
You can map the required roles to be added to the access token using the client scope tab.
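
An added example, not part of the original thread or the tutorial project: a Python check that decodes an access token's payload and compares the roles it carries with a constraint's `authRoles`, the mismatch discussed in the comments above. The function names and the sample token are constructed for illustration; it assumes Keycloak's `realm_access` / `resource_access` token claims and the adapter's `keycloak.use-resource-role-mappings` setting, and it does not verify the signature, so it is for diagnosis only.

```python
import base64
import json


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_roles(claims, client_id, use_resource_role_mappings=False):
    """Roles the adapter evaluates: realm roles by default, the client's own
    roles when keycloak.use-resource-role-mappings=true."""
    if use_resource_role_mappings:
        source = claims.get("resource_access", {}).get(client_id, {})
    else:
        source = claims.get("realm_access", {})
    return set(source.get("roles", []))


def explain_403(token, client_id, auth_roles, use_resource_role_mappings=False):
    """Return (allowed, message) for a security constraint's authRoles."""
    granted = token_roles(jwt_claims(token), client_id, use_resource_role_mappings)
    matched = granted & set(auth_roles)  # role names are compared case-sensitively
    if matched:
        return True, f"allowed via {sorted(matched)}"
    return False, f"403: token has {sorted(granted)}, needs one of {sorted(auth_roles)}"


def constructed_token(claims):
    """Build an unsigned sample token (constructed here, not issued by Keycloak)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed sample: realm role is "user", but the constraint asks for "testuser".
    tok = constructed_token({
        "realm_access": {"roles": ["user", "offline_access"]},
        "resource_access": {"product-app": {"roles": ["testuser"]}},
    })
    print(explain_403(tok, "product-app", ["testuser"]))
    print(explain_403(tok, "product-app", ["testuser"], use_resource_role_mappings=True))
```

An empty role set in the output means the roles were never mapped into the token, which is the case the last comment describes.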
