[keycloak-user] Direct Access to KeyCloak
Marek Posolda
mposolda at redhat.com
Thu Aug 13 02:26:51 EDT 2015
Hi,
I think you're supposed to send the list of roles (JSON array), but
you're instead sending the object. I think the stuff like "realm", "id"
and "client" is not needed in your last request, just send the list of
roles instead.
Btv. you can take a look at docs
http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/users/%7Bid%7D/role-mappings/clients/%7Bclient%7D/index.html#POST
. What should help is also to install some plugin to decode requests to
your browser (like Firebug in Firefox) and then do some actions in
keycloak admin console (like assign some client role to some user) and
then analyze how the request for assign roles should look like, what's
the format of data etc. Admin console is angular application, which uses
REST requests to admin REST API under the hood.
Marek
On 12.8.2015 18:56, Christopher Davies wrote:
> I am trying to write a test harness for out application which uses
> KeyCloak.
> In order to run my tests I need to manipulate KeyCloak.
>
> I am able to get data out of KeyCloak using the REST API. However I am
> unclear what I should send to KeyCloak to change a setting.
>
> I was trying to set the role for a user and wrote the script at the
> bottom of the email.
>
> I get back an error of org.codehaus.jackson.map.JsonMappingException:
> Can not deserialize instance of java.util.ArrayList out of
> START_OBJECT token
> at [Source: io.undertow.servlet.spec.ServletInputStreamImpl at 73cda37e;
> line: 1, column: 1]
>
> I have obviously missed a key point in the format of my data, but
> cannot see what it is.
>
>
> Chris
>
>
>
>
> ---------------------------------------
> #!/bin/bash
>
> host=192.168.10.221:8088 <http://192.168.10.221:8088>
> realm=ATS-ci
>
>
> t=$(curl -X POST
> http://${host}/auth/realms/${realm}/protocol/openid-connect/token
> --data "username=${1}" --data "password=${2}" --data
> "grant_type=password" --data "client_id=client" 2>/dev/null | jq -r
> ".id_token")
>
> client=$(curl http://${host}/auth/admin/realms/${realm}/clients -H
> "Accept: application/json" -H "Authorization: Bearer ${t}" 2>/dev/null
> | jq -r ".[] | select(.name == \"client\").id")
> user=$(curl http://${host}/auth/admin/realms/${realm}/users -H
> "Accept: application/json" -H "Authorization: Bearer ${t}" 2>/dev/null
> | jq -r ".[] | select(.username == \"${3}\").id")
>
> echo ${client}
> echo ${user}
>
> echo "Roles"
> curl http://${host}/auth/admin/realms/${realm}/clients/${client}/roles \
> -H "Accept: application/json" \
> -H "Authorization: Bearer ${t}" 2>/dev/null | jq -r ".[] | {id, name }"
>
> echo ""
> echo "Roles:${3}"
> curl
> http://${host}/auth/admin/realms/${realm}/users/${user}/role-mappings/clients/${client}
> \
> -H "Accept: application/json" \
> -H "Authorization: Bearer ${t}" 2>/dev/null | jq -r ".[] | {id, name }"
>
>
> curl
> http://${host}/auth/admin/realms/${realm}/users/${user}/role-mappings/clients/${client}
> \
> -X POST \
> -H "Content-Type: application/json" \
> -H "Accept: application/json" \
> -H "Authorization: Bearer ${t}" \
> --data "{'realm': 'ATS-${realm}', 'id': '${user}', 'client':
> '${client}', '\$entity': [ 'operator' ] }"
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150813/d2b7a111/attachment-0001.html
More information about the keycloak-user
mailing list