I'm currently trying to configure a Tomcat 8 web application to use Keycloak as its identity provider. I followed the instructions in the official Keycloak documentation and also added the user role 'user' to my Keycloak realm that the user should have to get access to the web app. In the web.xml I also added this role to the auth-constraint. Here's my web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Customers</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>this is ignored currently</realm-name>
</login-config>
<security-role>
    <role-name>user</role-name>
</security-role>
When I try to access a path (/*), Tomcat successfully redirects me to the Keycloak login page. But after logging in with a user that has the user role assigned, I only get the following error in my browser:
HTTP Status 403 – Forbidden - The server understood the request but refuses to authorize it
I'm expecting to be successfully redirected, as the logged-in user has the role that is given in the web.xml.