Access Denied? See Exactly Why.

Keymate gives you full visibility into every authorization decision — breaking down failed conditions, missing attributes, and invalid context. No more guessing. No more trial-and-error.

Understand Why Access Was Denied — Instantly.

How "Why Denied?" Analysis Works

When a policy blocks access, Keymate does not just say "denied" — it explains why. Every policy simulation and live evaluation is analyzed against the original DSL expression, and conditions are traced with status. Missing values, wrong types, and mismatched data are all shown in a clear result panel.

Example Breakdown

Policy DSL: user.department == "finance" && context.time < 1800. Input: { "user": { "department": "finance" }, "context": { "time": 2130 } }. Evaluation: user.department == "finance" (passed), context.time < 1800 (failed)

Why It's Unique in Keymate

Inline Condition Breakdown

Show which specific condition caused a denial.

Missing Attribute Detection

Warn when required fields are undefined or null.

Type Mismatch Handling

Catch and explain common errors (e.g. number vs string).

Full Simulation Panel

Test any policy with sample inputs and view a structured result breakdown.

CI/CD Compatible

Evaluate and validate policies during builds and deployments.

OpenAPI-Compatible Results

Integrate the output with Swagger / test frameworks for audit pipelines.

Frequently Asked Questions

It refers to visibility into why a user's request was denied by an access control engine. Keymate shows condition-level results with true/false status, helping you debug fast.

Audit logs show what happened. "Why Denied?" shows why — condition-by-condition. With Keymate, you don't have to reverse-engineer DSL logic.

Yes. Keymate includes a simulation console where you can test policies against mock or real token data, without triggering real-world effects.

Absolutely. There's a backend evaluation API (/evaluate) that lets you run batch tests during builds and validations.

How to Use This Feature

Follow these simple steps to debug any policy.

Debugging Steps

Open the simulation console in Admin UI

Select a policy or paste a DSL expression

Provide token/context values in JSON

Click "Evaluate" to simulate

View the result with per-condition breakdown

Export results to logs, CI, or audit

ELEVATE YOUR IAM STRATEGY

Ready to Transform Your Keycloak Experience?

Implement fine-grained authorization, multi-tenant infrastructure, and comprehensive security policies with Keymate — built on the Keycloak foundation you already trust.