Documentation about Audience support in RHSSO is confusing
Environment
- Red Hat Single Sign-On (RHSSO)
- 7.x
Issue
- The documentation section on Audience support (audience-support) is confusing
Resolution
- To make this understandable, follow these steps:
- Create 2 clients: 1- Good_service, 2- Bad_service.
- A confidential default Account client is already present.
- Create 2 client scopes: 1- testgood, 2- testbad.
- Add mappers in each scope:
  In testgood scope - create "testmapperGood" with Mapper Type "Audience" and set "Good_service" in "Included Client Audience"
  In testbad scope - create "testmapperBad" with Mapper Type "Audience" and set "Bad_service" in "Included Client Audience"
- Then in Account --> Client Scopes, check with Evaluate (client_scopes_evaluate) by setting the optional client scope testgood; also try with testbad.
- Notice the respective client name in "aud" of the generated access token:
  "aud": "good_service",
However, this is fixed by the bug https://github.com/keycloak/keycloak/issues/19127
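The check from the last step, as an added example that is not part of the original article or of Red Hat's code: it decodes the payload of an access token and tests the "aud" claim the way a receiving service would. The sample tokens and all function names are constructed for illustration, and the signature is not verified here.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_audiences(jwt: str) -> list:
    """Return the "aud" claim as a list. Inspection only: no signature check."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    claims = json.loads(b64url_decode(parts[1]))
    aud = claims.get("aud", [])
    # RFC 7519: "aud" is either a single string or an array of strings.
    return [aud] if isinstance(aud, str) else list(aud)


def accepts(jwt: str, my_client_id: str) -> bool:
    """Audience check a service applies after it has verified the signature.
    The comparison is an exact, case-sensitive string match."""
    return my_client_id in token_audiences(jwt)


def make_sample(claims: dict) -> str:
    # Constructed sample token with a placeholder signature, for offline use.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder"


# Constructed payloads modelled on the evaluation result described above.
TOKEN_TESTGOOD = make_sample({"azp": "account", "aud": "good_service"})
TOKEN_BOTH = make_sample({"azp": "account", "aud": ["good_service", "bad_service"]})
TOKEN_NO_SCOPE = make_sample({"azp": "account"})  # neither optional scope requested

if __name__ == "__main__":
    samples = [("testgood", TOKEN_TESTGOOD), ("both", TOKEN_BOTH), ("none", TOKEN_NO_SCOPE)]
    for name, tok in samples:
        print(name, token_audiences(tok), accepts(tok, "good_service"))
```
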