[keycloak-user] [External] Re: Use RestAPI to add roles to groups

Tue Nov 7 13:01:52 EST 2017

Hi Marko

Yes I’m going through the REST docs and trying to use them to programmatically setup my keycloak installation.
You are absolutely right of course, I have fired up dev tools and can now see at a glance precisely what network apis are being called and with what data.
Much easier now! ☺

Again many thanks for your time.

John

From: Marko Strukelj <mstrukel at redhat.com>
Date: Tuesday 7 November 2017 at 14:43
To: "O'Callaghan, John" <john.ocallaghan at accenture.com>
Cc: "keycloak-user at lists.jboss.org" <keycloak-user at lists.jboss.org>
Subject: [External] Re: [keycloak-user] Use RestAPI to add roles to groups

Are you using some documentation / examples or are you just doing trial and error to reverse engineer how to use REST API based on Admin REST Documentation?

In practice it's easiest to just activate developer tools in your browser and turn on request logging, then perform the desired operations in Admin Console, and check what JSON was sent and received.

Another option is Admin CLI docs containing recipes which are easy to translate into raw REST requests: http://www.keycloak.org/docs/latest/server_admin/topics/admin-cli.html<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.keycloak.org_docs_latest_server-5Fadmin_topics_admin-2Dcli.html&d=DwMFaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=MU_KJXJNiVzpKH9iO2oEENGKvd9j8rpJfiPNXLOJNiY&m=PLA-_Z0S8usQIMAp3swErorh-ZR6dgFk_HPz6SW80VI&s=xnV0ExtNdUZuYCUS2SoDb9DxfGsXI6nnVpB-68d-kKI&e=>.

Additionally, there are Admin REST API tests in our testsuite: https://github.com/keycloak/keycloak/tree/master/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_keycloak_keycloak_tree_master_testsuite_integration-2Darquillian_tests_base_src_test_java_org_keycloak_testsuite_admin&d=DwMFaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=MU_KJXJNiVzpKH9iO2oEENGKvd9j8rpJfiPNXLOJNiY&m=PLA-_Z0S8usQIMAp3swErorh-ZR6dgFk_HPz6SW80VI&s=_3KOqTTfMZPXUyQ8aHcWHiHYlE7gp7R_ZzDZdaKTHBU&e=>
They should cover most use-cases, but it may be a bit difficult to find exactly the thing you're looking for.

Our REST API Documentation is rather messy and not very helpful for many use cases. But since it's so easy to reverse engineer communication using Admin Console with request tracing enabled in your browser, the priority for improving REST API is pretty low ATM.

On Tue, Nov 7, 2017 at 12:58 PM, O'Callaghan, John <john.ocallaghan at accenture.com<mailto:john.ocallaghan at accenture.com>> wrote:

Hi all

A similar question to before. Am trying to use the rest api to add existing access roles to an existing group.
I have tried to use:

PUT /auth/admin/realms/REALM_NAME/groups/GROUP_ID
With data {'realmRoles': [LIST_OF_ROLES], 'id': gid}

Am getting a 204 back from PUT but when I look in the webui I am not seeing the assigned roles table getting updated for the group.

This is similar to a previous question I had (thanks again Marko for the response) and for fun I did try :
PUT /auth/admin/realms/REALM_ID/groups/GROUP_ID/roles/ROLE_ID
With data {'roleId': ROLE_ID, 'id': GROUP_ID, ‘realm’: REALM_NAME}

But that gave a 404.

Anyone else had this problem? Any help would be much appreciated!
Thanks
John

________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________

www.accenture.com<http://www.accenture.com>
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user<https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mailman_listinfo_keycloak-2Duser&d=DwMFaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=MU_KJXJNiVzpKH9iO2oEENGKvd9j8rpJfiPNXLOJNiY&m=PLA-_Z0S8usQIMAp3swErorh-ZR6dgFk_HPz6SW80VI&s=SoOs4vugySY7GMmvO75FyrmEl_AL_1O3ldtdMAaIBaE&e=>