[keycloak-user] ClientRoles property is empty in UserRepresentation

Marek Posolda mposolda at redhat.com
Tue Aug 9 09:27:33 EDT 2016 

I agree with improving the docs as you're not alone who ran into this 
kind of issue with admin REST API. Can you please create JIRA for this 
and link with this discussion?

Thanks,
Marek


On 09/08/16 15:19, Tom Pearson wrote:
> I ran into the same issue with the realm roles. The problem is that 
> the documentation for methods such as getUser 
> <http://www.keycloak.org/docs/rest-api/index.html#_get_represenation_of_the_user> should 
> make it clear that the UserRepresentation returns only a subset of the 
> fields. The same goes for creating a user - certain fields in the 
> UserRepresentation such as roles, password are ignored.
>
> 2016-08-09 15:04 GMT+02:00 Marek Posolda <mposolda at redhat.com 
> <mailto:mposolda at redhat.com>>:
>
>     On 09/08/16 11:48, NEMECKAY Marek wrote:
>>     Dear all,
>>     We are facing a problem with retrieving the client roles from
>>     Keycloak. In our implementation we are using the following API to
>>     find a retrieve user data via username:
>>     _http://www.keycloak.org/docs/rest-api/index.html#_get_users_
>>     <http://www.keycloak.org/docs/rest-api/index.html#_get_users>
>     _It seems that you need different admin REST endpoint to get the
>     client role mappings of user. It's this one : _
>
>     GET /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}
>
>     Marek
>
>>     In the retrieved _UserRepresentation_
>>     <http://www.keycloak.org/docs/rest-api/index.html> object
>>     instance the property clientRoles is always null. We are using
>>     Keycloak 1.9.8 connected to a LDAP server for user federation. We
>>     are connecting a receiving the access token with a admin-user of
>>     the corresponding realm. This works just fine. We are also
>>     receiving user data like name, e-mail etc., but the client roles
>>     are always null. The mappers to sync roles between Keycloak and
>>     LDAP are also defined and working.
>>     Is there anything else we have overlooked or we should check?
>>     Thanks and BR,
>>     Marek
>>
>>     _______________________________________________
>>     keycloak-user mailing list
>>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>>     <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>     _______________________________________________ keycloak-user
>     mailing list keycloak-user at lists.jboss.org
>     <mailto:keycloak-user at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>     <https://lists.jboss.org/mailman/listinfo/keycloak-user> 
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160809/8f6558f5/attachment-0001.html

More information about the keycloak-user mailing list