问题
I am new to Keycloak. I have tried to get the user information using below code:
keycloakAuth.loadUserProfile().success(function(profile) { debugger console.log(profile); }).error(function(res) { debugger console.log('Failed to load profile'); });
installation json is :
{ "realm": "CheckRealm", "realm-public-key": "MIIBIjASDFJJK677132HJJAOCAQ8AMIIBCgKCAQEAgo4deAfr8BeqWOiCsddwMtH5nh8EK2cKIeInpt7LnoCyMsGj1HTP835HpslOURrR6Bgc42V7r6J/MIHqx3+KESTqpcQSe9ll6eUjzaMbIX2GPmy9OnviH6srUgOlDAKhL+/SDh/iv8RfErAPO9cxnoBWUUTyfyes1YRn34KILBdHZoaWk5mteJx9aV4bfA5tGTT6aF8o1NkCX1OUfXiaAD5sqKZV5vbI+QsOUsNshvGfE5JR2EpwZbWH/vRQVusxLURjC51v96ieQ8zUME5LwAQ0TgZcspHTb4Y+KuYRTuDQKuxRUYFeNbvqUGeT2s2sHMmWOQIDAQAB", "auth-server-url": "https://something.com/auth", "url": "https://something.com/auth", "ssl-required": "external", "resource": "sample-tracker", "clientId": "sample-tracker", "credentials": { "secret": "bnmbsdk87wq" } }
I got the mentioned error :Failed to load resource: the server responded with a status of 403 (Forbidden)
回答1:
To solve this situation you need to configure your keycloak or RedHat Single Sign-On (if you are using the supported version).
- Open the keycloak admin console, for example: http://localhost:8180/auth/admin. Then click on Configure > clients and select the account client. The account client must be enabled.
- Next, still in Configure > clients, select the client that you are trying to access and click on the scope tab. Add the view-profile role of account application.
- The user also needs to have this permission.
There is a resolved issue about this in https://issues.jboss.org/browse/LIVEOAK-204 .
来源:https://stackoverflow.com/questions/37469688/keycloak-403-forbidden-on-keycloak-loaduserprofile