[keycloak-user] Keycloak Admin REST API not updating user.federatedIdentities attribute
Dmitry Telegin
dt at acutus.pro
Wed Aug 1 20:36:37 EDT 2018
Hi Daniel,
On Wed, 2018-08-01 at 11:32 +0200, Daniel Teixeira wrote:
> Wonderful, thank you! I should have read better the docs.
> Yes you remember correctly Dmitry, I am familiar with creating a custom module now :)
You're welcome :)
> Thanks for the trick with Firebug Marek. It will be useful in the future :) Actually I tried that trick, on the "account" interface, but the "account" interface does not use a rest api, correct?
I hope Marek forgives me if I answer on his behalf :) well, Account actually uses REST endpoint, but it not a part of Admin REST API.
The endpoint lives in org.keycloak.services.resources.account.AccountRestService (keycloak-services module), so you can examine it.
> For example I don't want the user to update its password / firstName / lastName (because those fields come from LDAP) and I wanted to double-check if commenting / disabling those fields on custom ftl templates is enough or do I need to disable / comment something on the backend as well? On realm settings -> login. There is only the option "edit username", but no option for "edit firstName / edit lastName / edit password"....
>From the AccountRestService code we can deduce that there is no way ATM to selectively disable updating firstName / lastName / password.
But do I get it right that you simply want a read-only version of the Account GUI? Then I think there is a solution for your case, let me know.
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro
>
>
> > On Tue, Jul 31, 2018 at 10:38 PM, Dmitry Telegin <dt at acutus.pro> wrote:
> > Hi Daniel,
> >
> > That's what you can do with federated identities currently:
> >
> > GET /auth/admin/realms/{realm}/users/{user}/federated-identity - list federated identities configured for the user
> > POST /auth/admin/realms/{realm}/users/{user}/federated-identity/{provider} - create a new federated identity
> > DELETE /auth/admin/realms/{realm}/users/{user}/federated-identity/{provider} - remove federated identity
> >
> > https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java#L363
> >
> > Updating federated entities with PUT is not supported yet. Feel free to
> > file an RFE in JIRA for that.
> >
> > Meanwhile, you can implement this missing piece as a custom REST
> > resource and deploy it to your Keycloak. If I remember correctly, you
> > should be already familiar with the process :)
> >
> > Good luck!
> > Dmitry Telegin
> > CTO, Acutus s.r.o.
> > Keycloak Consulting and Training
> >
> > Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> > +42 (022) 888-30-71
> > E-mail: info at acutus.pro
> >
> > On Tue, 2018-07-31 at 17:41 +0200, Daniel Teixeira wrote:
> > > I would like to update (and ideally create) the federatedIdentities
> > > attribute of a user using the Admin Rest API, but it seems like this does
> > > not work / or it is not supported?
> > >
> > > I am able to update normal user attributes but not the federatedIdentities.
> > >
> > > Is this a bug or is it supposed to be like this?
> > >
> > > Is there a different way to do this? (Of course I could do an insert into,
> > > in the database, but I would prefer to use the api...). I need to run this
> > > for more than 200 users...
> > >
> > > My code:
> > > https://github.com/ddtxra/python-console-keycloak-example/blob/master/admin-rest-api-update-user.py
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
>
>
> --
> Daniel Teixeira
More information about the keycloak-user
mailing list