[keycloak-user] How to assign client roles to realm admin

Tue May 24 04:20:06 EDT 2016

Thanks for the prompt answer.

I looked into the CompositeRoleTest below, especially on the addClientLevelScopeMapping method.

However I don't think it's what I am looking for, I would like to create an admin user on the master realm and assign all the available client (another realm) roles for him.
So in the test it is not clear what are the target and source clients in my case.

Going back to my code sample below, can you please advise if this is the correct way to add the client roles and how can I get all the available ones ?

realm.users().get(user.getKeyCloakId()).roles().clientLevel(tenantId + "-realm").add();

Thanks,
Haim.

-----Original Message-----
Message: 1
Date: Mon, 23 May 2016 10:10:55 -0400
From: Stan Silvert <ssilvert at redhat.com>
Subject: Re: [keycloak-user] How to assign client roles to realm admin
user programmatically
To: keycloak-user at lists.jboss.org
Message-ID: <57430F6F.1030003 at redhat.com>
Content-Type: text/plain; charset="iso-8859-1"

Assigning roles with the admin client is rather tricky.  I just finished migrating a test where I had to assign all kinds of roles.  I think you'll probably find what you are looking for:
https://github.com/keycloak/keycloak/blob/master/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java

On 5/23/2016 9:58 AM, Haim Vana wrote:
>
> Hi,
>
> I am trying to create admin user for a specific realm
> programmatically, I am able to create the user, however I can't assign
> the realm client roles to it.
>
> For example in the UI I would go to the user 'Role Mappings'  choose
> the realm client role and move the required roles from the Available
> section to the Assigned.
>
> When I try to it programmatically I am getting 404, my code is below,
> note that I am getting 404 on the last line -
> adminUserClientRole.listAvailable())
>
> createUserAndPsw(keyCloakClient, *"master"*, user); RealmResource
> realm = keyCloakClient.realm(*"master"*); UserResource userResource =
> realm.users().get(user.getKeyCloakId());
> RoleMappingResource roles = userResource.roles(); RoleScopeResource
> adminUserClientRole = roles.clientLevel(tenantId + *"-realm"*);
>
>
> adminUserClientRole.add(adminUserClientRole.listAvailable());
>
> Any advice will be appreciated.
>
> Thanks,
>
> Haim.
>
> The information contained in this message is proprietary to the
> sender, protected from disclosure, and may be privileged. The
> information is intended to be conveyed only to the designated
> recipient(s) of the message. If the reader of this message is not the
> intended recipient, you are hereby notified that any dissemination,
> use, distribution or copying of this communication is strictly
> prohibited and may be unlawful. If you have received this
> communication in error, please notify us immediately by replying to
> the message and deleting it from your computer. Thank you.
>
>
> _______________________________________________
The information contained in this message is proprietary to the sender, protected from disclosure, and may be privileged. The information is intended to be conveyed only to the designated recipient(s) of the message. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.