[keycloak-user] REST API: Create User With Roles

Bill Burke bburke at redhat.com
Mon Aug 3 08:36:24 EDT 2015 

Is adminClient.createUser(...) your own method?  There is a different 
REST API for adding roles.

create the user
then add the roles

On 8/3/2015 8:23 AM, Edem Morny wrote:
> Hi,
>
> We're currently using Keycloak 1.2.0.Final.
>
> We are migrating users from an existing application with it's own user
> management implementation to Keycloak, and have been making extensive
> use of the Via the REST api to achieve this. I'm able to create a new
> user, set their temporary password and so on. However, I'm finding that
> all our attempts to add the roles to the created user seem not to be
> taking effect when we observe the newly created user on the keycloak
> side. Here's the code we are trying to use to do this
>
> 	    UserRepresentation user = new UserRepresentation();
>              user.setUsername(username);
>              user.setFirstName(employee.getFirstName());
>              user.setLastName(employee.getLastName());
>              user.setEmail(employee.getEmail());
>              user.setEnabled(true);
>              user.setEmailVerified(false);
>              List<String> requiredActions = new ArrayList<>();
>              requiredActions.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
>              *List<String> userRoles = getMigrateRoles(employee);*
> *             user.setRealmRoles(userRoles);*
>              user.setRequiredActions(requiredActions);
> 	    adminClient.createUser(settings.getKeycloackUrl(), settings.getRealm(), access, user);
>
> It seams setting the list of roles to the Realm Roles isn't enough to
> the user with these roles. The user gets created alright, but doesn't
> come with any roles. Is there any other means by which we can specify
> the user roles during the process of account creation?
>
> The migration will be very tedious if we ask the administrators to
> manually do the assignment of the user to their roles after our current
> implementation of being able to automatically migrate the user accounts
> themselves to keycloak.
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

More information about the keycloak-user mailing list