[keycloak-user] REST API: Create User With Roles

Bill Burke bburke at redhat.com
Mon Aug 3 10:00:07 EDT 2015 

Sorry, its this:

http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/users/%7Bid%7D/role-mappings/realm/index.html#POST

On 8/3/2015 9:51 AM, Bill Burke wrote:
> http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/users/%7Bid%7D/role-mappings/clients/%7Bclient%7D/index.html
>
> On 8/3/2015 9:48 AM, Edem Morny wrote:
>> Hi,
>>
>> Sorry Bill, I think I'm confusing matters here. The AdminClient I'm
>> referring to is not the keycloak-admin-client.jar but rather a
>> combination of insights from
>> https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java
>> and from the documentation in the user guide.
>>
>> That means I'm constructing the URLs myself to invoke the operation. I
>> intend to move to the keycloak-admin-client in the future though.
>>
>> I can't find the corresponding REST url(s) to invoke to achieve the same
>> results as you describe in your response below. I think that's what I need.
>> Cheers.
>>
>>
>> On Mon, 2015-08-03 at 09:13 -0400, Bill Burke wrote:
>>> If you're just using the admin client interfaces its:
>>>
>>> realm("realm").users().get("user-id").roles().realmLevel().add(List<RoleRepresentation>
>>> rolesToAdd)
>>>
>>> On 8/3/2015 9:07 AM, Edem Morny wrote:
>>>> Hi Bill,
>>>>
>>>> The adminClient.createUser is my modification of the code situated in
>>>> the AdminClient implementation of the "admin-access-app" in the
>>> examples.
>>>>
>>>> Could you point me in the direction of the API calls to do the addition
>>>> of the roles? I had a feeling it might be a subsequent step (like for
>>>> setting the password, which I actually implemented), but I'm struggling
>>>> to find any pointers as to how to do this particular one.
>>>>
>>>>
>>>> On Mon, 2015-08-03 at 08:36 -0400, Bill Burke wrote:
>>>>> Is adminClient.createUser(...) your own method? There is a different
>>>>> REST API for adding roles.
>>>>>
>>>>> create the user
>>>>> then add the roles
>>>>>
>>>>> On 8/3/2015 8:23 AM, Edem Morny wrote:
>>>>>> Hi,
>>>>>>
>>>>>> We're currently using Keycloak 1.2.0.Final.
>>>>>>
>>>>>> We are migrating users from an existing application with it's own
>>> user
>>>>>> management implementation to Keycloak, and have been making extensive
>>>>>> use of the Via the REST api to achieve this. I'm able to create a new
>>>>>> user, set their temporary password and so on. However, I'm
>>> finding that
>>>>>> all our attempts to add the roles to the created user seem not to be
>>>>>> taking effect when we observe the newly created user on the keycloak
>>>>>> side. Here's the code we are trying to use to do this
>>>>>>
>>>>>> UserRepresentation user = new UserRepresentation();
>>>>>> user.setUsername(username);
>>>>>> user.setFirstName(employee.getFirstName());
>>>>>> user.setLastName(employee.getLastName());
>>>>>> user.setEmail(employee.getEmail());
>>>>>> user.setEnabled(true);
>>>>>> user.setEmailVerified(false);
>>>>>> List<String> requiredActions = new ArrayList<>();
>>>>>> requiredActions.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
>>>>>> *List<String> userRoles = getMigrateRoles(employee);*
>>>>>> * user.setRealmRoles(userRoles);*
>>>>>> user.setRequiredActions(requiredActions);
>>>>>> adminClient.createUser(settings.getKeycloackUrl(),
>>>>> settings.getRealm(), access, user);
>>>>>>
>>>>>> It seams setting the list of roles to the Realm Roles isn't enough to
>>>>>> the user with these roles. The user gets created alright, but doesn't
>>>>>> come with any roles. Is there any other means by which we can specify
>>>>>> the user roles during the process of account creation?
>>>>>>
>>>>>> The migration will be very tedious if we ask the administrators to
>>>>>> manually do the assignment of the user to their roles after our
>>> current
>>>>>> implementation of being able to automatically migrate the user
>>> accounts
>>>>>> themselves to keycloak.
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user at lists.jboss.org
>>> <mailto:keycloak-user at lists.jboss.org>
>>> <mailto:keycloak-user at lists.jboss.org>
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

More information about the keycloak-user mailing list