Page History

...

Redhat AUTHORIZATION SERVICES

Istio External Authorization Blog

Working example

1. To use keycloak authoriztion services start by creating a confidential client.
2. Set "Authoriztion  Enabled" to on.
3. Create 2 roles rapp_admin and rapp_user and assigned them to the service account.
4. Click on the authoriztion tab for the client  to setup your authoriztion policies.
5. Start by creating 4 scopes (create,edit, delete and view) in the "Authoriztion scopes" section
6. Next create a resource "Rapp resource", set the URI to /api/resources/* and set the scopes to create,edit, delete and view.
7. Next create a policy "View Policy", select the "rapp_user" role and set required to on.
8. Create an "Admin policy", select the "rapp_admin" role and set required to on.
9. In the permission section, create a "Scope Based" permission -  for resouce choose the "Rapp resource" created earlier, scope should be set to view and select the "View Policy" for policy.
10. Create another "Scope Based" permission -  for resouce choose the "Rapp resource" created earlier, scope should be set to create, edit and delete and select the "Admin Policy" for policy.

...