[keycloak-user] Exclude a user with realm-management role from keycloak's password policy
Fateh
fateh.alchhabi at gmail.com
Tue Mar 19 09:17:32 EDT 2019
Hi Firoz
Thanks for the answer, but I could not achieve the expected result.
First of all, I am using Keycloak-4.4.0.Final and I could not find the Role
Mappings tab for the client.
Here are the steps I followed:
- I went to the Master realm and created the user *sysAdmin*, then on the left of
the user page >> Role Mapping >> Client Roles >> in the drop-down menu I found
the client from the Master realm only but not from the other realms. So I
assigned to the master-realm all the roles inside
- In the other realm I have a client with these values
    <secure-deployment name="WAR MODULE NAME.war">
        <realm>Nosg-Realm</realm>
        <auth-server-url>http://localhost:8180/auth</auth-server-url>
        <ssl-required>EXTERNAL</ssl-required>
        <resource>whereoil-rest-api</resource>
        <credential name="secret">4ab9fac1-xxxxxxx-xxxxxxx-xxxxxxxxxx</credential>
        <use-resource-role-mappings>true</use-resource-role-mappings>
    </secure-deployment>
- I am using the Java client to fetch the list of all users and roles via this code
    Keycloak keycloak = KeycloakBuilder.builder()
            .serverUrl("http://localhost:8180/auth")
            .realm("Nosg-Realm")
            .grantType(OAuth2Constants.PASSWORD)
            .clientId("whereoil-rest-api")
            .clientSecret(" 4ab9fac1-xxxxxxx-xxxxxxx-xxxxxxxxxx ")
            .username("sysadmin") // master Realm user
            .password("xxxxx")
            .build();
    RealmResource realmResource = keycloak.realm("Nosg-Realm");
    realmResource.users().search("User from Nosg-Realm");
I hope this could clarify it more
Best regards
Fateh Alchhabi
On Fri, Mar 15, 2019 at 2:11 PM Firoz Ahamed <firozpalapra at outlook.com>
wrote:
> Hi,
>
>
>
> You could create a new user in the master realm and assign the Realm
> management roles for the specific realm using the Role Mappings tab ->
> Client Role. In order to manage the other realm, get the token for the
> newly created user from the master realm and then send that token in your
> API calls.
>
>
>
> The ability to assign realm management for other realms is only available
> for users in the master realm.
>
>
>
> Hope this helps.
>
>
>
> ------------------------------
> *From:* keycloak-user-bounces at lists.jboss.org <
> keycloak-user-bounces at lists.jboss.org> on behalf of Fateh <
> fateh.alchhabi at gmail.com>
> *Sent:* Friday, March 15, 2019 6:25:25 PM
> *To:* keycloak-user at lists.jboss.org
> *Subject:* [keycloak-user] Exclude a user with realm-management role from
> keycloak's password policy
>
> Problem: I have a user with Client Roles realm-management in a realm called
> xx which contains password policy.
> I want to exclude this user from the password policy since this user
> is responsible for fetching the roles and users and doing some updates via the Java API,
> and I don't want all the operations to stop until we update the user
> password
> when the password policy is triggered.
>
> P.S. I tried to use the admin user from the master realms; I couldn't get
> data out of the master realm
>
>
> I would appreciate any help or ideas.
>