[keycloak-user] role-mappings.

Vaclav Havlik Johny.Dee at seznam.cz
Wed Feb 27 09:06:32 EST 2019


Thank you. It helped to put clientID instead of clientName. So this helped
for HTTP GET.

But when I do HTTP POST to assign roles to a user on the client
realm-management (id = 6c168708-18bd-4453-8b1e-8dc36223d5bd), then
I get HTTP 404.

I am attaching Wireshark communication with first GET (200) and then POST 
(404).

Could you pls tell me again? Venca.


---------- Original e-mail ----------
From: Martin Kanis <mkanis at redhat.com>
To: Vaclav Havlik <Johny.Dee at seznam.cz>
Date: 26. 2. 2019 15:31:45
Subject: Re: [keycloak-user] role-mappings.
"Hi, 

first of all the last part of your path should be client's id not name. 
This might be sometimes confusing. Here is the example of valid path: 

http://localhost:8080/auth/admin/realms/master/users/be1b9781-336a-4e60-9694-c5be74eac7b3/role-mappings/clients/c9cb881f-4e21-4e4b-8de1-f39897088b61

Second you have to provide a valid authorization to your request. For 
example using a bearer token. 

curl -X GET -H "Content-Type:application/json" -H "Authorization: Bearer <here_provide_valid_access_token>" "correct/path/from/above"

To obtain an access token using the grant_type password (there are other 
alternatives as well) you can use: 

curl -X POST --data "grant_type=password&client_id=admin-cli&username=admin&password=admin" -H "Content-Type: application/x-www-form-urlencoded" "http://localhost:8080/auth/realms/master/protocol/openid-connect/token"

Hope this helps, 

Martin 



On Tue, Feb 26, 2019 at 11:15 AM Vaclav Havlik <Johny.Dee at seznam.cz> wrote: 

> Hello, 
> can I ask you again? 
> 
> I would like to assign some specific roles (view-realm, manage-users) on
> the client realm-management to a user.
> 
> Via REST API, I cannot, however, even display the role-mappings by doing
> HTTP GET on
> /auth/admin/realms/xxx/users/4c0f445a-53e9-45c2-a9c9-a8ac69bb5b48/role-mappings/clients/realm-management
>
> (Gives HTTP 404, xxx is my realm).
>
> But, if I take my own client, whose name is web_app, then the request
> /auth/admin/realms/xxx/users/4c0f445a-53e9-45c2-a9c9-a8ac69bb5b48/role-mappings/clients/web_app
>
> works (HTTP 200), giving empty array.
>
> When doing this, I follow instructions on
> https://www.keycloak.org/docs-api/4.0/rest-api/index.html#_client_role_mappings_resource
> 
> Can you tell me, what the problem is? 
> Thank you, Venca. 
> _______________________________________________ 
> keycloak-user mailing list 
> keycloak-user at lists.jboss.org 
> https://lists.jboss.org/mailman/listinfo/keycloak-user 
> 
"
-------------- next part --------------


GET /auth/admin/realms/xxxrealm/users/6d117250-e8eb-4b84-a046-4eede0f03698/role-mappings/clients/6c168708-18bd-4453-8b1e-8dc36223d5bd HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Authorization: Bearer eyJhbGciOiJSUzI1NiIsI............
Host: 10.0.206.31:18080
User-Agent: libwww-perl/6.08

HTTP/1.1 200 OK
Connection: keep-alive
Cache-Control: no-cache
Content-Type: application/json
Content-Length: 385
Date: Wed, 27 Feb 2019 13:47:24 GMT

[]

POST /auth/admin/realms/xxxrealm/users/6d117250-e8eb-4b84-a046-4eede0f03698/role-mappings/clients/6c168708-18bd-4453-8b1e-8dc36223d5bd HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Authorization: Bearer eyJhbGciOiJSUzI1NiIsI.......
Host: 10.0.206.31:18080
User-Agent: libwww-perl/6.08
Content-Length: 71
Content-Type: application/json

[
   {
      "clientRole" : "true",
      "name" : "view-realm"
   }
]

HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 0
Date: Wed, 27 Feb 2019 13:47:24 GMT
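
Added example, not part of the original thread and not Keycloak project code: it fetches the user's assignable roles from the `available` sub-resource of the same role-mappings path and posts the requested representations back unchanged, so each entry carries the server-side `id` as well as the `name`. It assumes the 404 in the capture above comes from the POST body naming the role without its `id`; the function names and the sample role ids are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample of a GET .../available response; the role ids are made up.
SAMPLE_AVAILABLE = [
    {"id": "00000000-0000-0000-0000-000000000001", "name": "view-realm", "clientRole": True},
    {"id": "00000000-0000-0000-0000-000000000002", "name": "manage-users", "clientRole": True},
    {"id": "00000000-0000-0000-0000-000000000003", "name": "view-users", "clientRole": True},
]

def role_mappings_url(base, realm, user_id, client_uuid, suffix=""):
    """Path used in the thread; client_uuid is the client's id, not its clientId."""
    realm, user_id, client_uuid = (
        urllib.parse.quote(p, safe="") for p in (realm, user_id, client_uuid))
    return (f"{base.rstrip('/')}/auth/admin/realms/{realm}/users/{user_id}"
            f"/role-mappings/clients/{client_uuid}{suffix}")

def select_roles(available, wanted):
    """Return the server's own representations for exactly the wanted names."""
    by_name = {role["name"]: role for role in available}
    missing = sorted(set(wanted) - set(by_name))
    if missing:  # unknown role, or already mapped and so no longer "available"
        raise LookupError(f"not in the available list: {missing}")
    return [by_name[name] for name in wanted]

def call(method, url, token, body=None):
    """Send one authenticated JSON request; urlopen raises HTTPError on 4xx/5xx."""
    data = None if body is None else json.dumps(body).encode()
    request = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(request) as response:
        raw = response.read()
        return response.status, (json.loads(raw) if raw else None)

def assign_client_roles(base, realm, user_id, client_uuid, wanted, token):
    """GET the assignable roles, then POST back only the requested ones."""
    url = role_mappings_url(base, realm, user_id, client_uuid)
    _, available = call("GET", url + "/available", token)
    status, _ = call("POST", url, token, select_roles(available, wanted))
    return status
```

Because `select_roles` fails closed on any name the server did not offer, a typo in a privileged role name such as `manage-users` stops the request instead of assigning a partial set.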



