2
votes

I would like to be able to authenticate requests where the user has no role assigned.

I'm using Keycloak core and the Tomcat adapter to authenticate. Keycloak constraints are specified in the web.xml like:

<security-role>
    <role-name>L1</role-name>
</security-role>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>applicant-login-required</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>L1</role-name>
    </auth-constraint>
</security-constraint>

I have tried a number of things like removing auth-constraint and security-role or changing to

<auth-constraint>
  <role-name>*</role-name>
</auth-constraint>

but this is not authenticating anyone any more.

1
Could you show the full web.xml? What about the login-config? Did you follow this doc: keycloak.org/docs/latest/securing_apps/…? Content of keycloak.json? - cdan
Did you ever find an answer to this question? - ali haider
No, I don't think it's possible. All users have to be assigned a role. - D.Rees

1 Answer

0
votes

Although I could not find documentation to confirm this, I think it's impossible to authenticate users with no role. All users should be assigned a role.
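
For reference, the servlet deployment descriptor defines two different wildcard role names, shown here as an added example (not code from the question, the answer or the Keycloak project). It assumes a Servlet 3.1 or later container such as Tomcat 8+, and that the adapter leaves the authorization decision to the container; the web-resource-name and url-pattern are reused from the question.

```xml
<!-- Added example: fragment of WEB-INF/web.xml (Servlet 3.1+ descriptor assumed).

     Wildcard role names in <auth-constraint>:
       "*"   expands to the roles declared in <security-role> elements of this
             descriptor. A user holding none of those roles fails the check, and
             with no <security-role> declared there is nothing to expand to;
             Tomcat then decides according to the Realm's allRolesMode setting.
       "**"  matches any authenticated user, independent of role. It needs no
             matching <security-role> declaration.
-->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>applicant-login-required</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <!-- Require a successful login, but no particular role. -->
        <role-name>**</role-name>
    </auth-constraint>
</security-constraint>

<!-- With "**" the container only enforces "is logged in". Every account in the
     realm can reach /*, so any per-role restriction that is still required has
     to be expressed as a narrower <security-constraint> (more specific
     url-pattern with explicit role names) or checked in application code. -->
```

On containers older than Servlet 3.1 the `**` role name is not recognised as a wildcard, so check the container version before relying on it.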