What You Can Do:
Here’s how you can set things up:
Mapping Roles in Keycloak:
roles
.User Client Role
.roles
.String
.Kong ACL Plugin Setup:
bashcurl -X POST http://<Kong Admin URL>/consumers/{consumer}/acls \ --data "group=<role>"
bashcurl -X POST http://<Kong Admin URL>/routes/{route_id}/plugins \ --data "name=jwt" \ --data "config.claims_to_verify=exp" \ --data "config.key_claim_name=iss" \ --data "config.secret_is_base64=false"
bashcurl -X POST http://<Kong Admin URL>/routes/{route_id}/plugins \ --data "name=acl" \ --data "config.whitelist=<role>"
If you need more help with the specifics, feel free to ask!
Cheers,
ELTON
--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/f34d49c2-92ea-4c63-873c-0666d0135422n%40googlegroups.com.