<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/4.6.6">
</HEAD>
<BODY>
Thanks very much. Will jump to it.<BR>
<BR>
<BR>
On Mon, 2015-08-03 at 10:00 -0400, Bill Burke wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
Sorry, its this:
<A HREF="http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/users/%7Bid%7D/role-mappings/realm/index.html#POST">http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/users/%7Bid%7D/role-mappings/realm/index.html#POST</A>
On 8/3/2015 9:51 AM, Bill Burke wrote:
<FONT COLOR="#737373">> <A HREF="http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/users/%7Bid%7D/role-mappings/clients/%7Bclient%7D/index.html">http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/users/%7Bid%7D/role-mappings/clients/%7Bclient%7D/index.html</A></FONT>
<FONT COLOR="#737373">></FONT>
<FONT COLOR="#737373">> On 8/3/2015 9:48 AM, Edem Morny wrote:</FONT>
<FONT COLOR="#737373">>> Hi,</FONT>
<FONT COLOR="#737373">>></FONT>
<FONT COLOR="#737373">>> Sorry Bill, I think I'm confusing matters here. The AdminClient I'm</FONT>
<FONT COLOR="#737373">>> referring to is not the keycloak-admin-client.jar but rather a</FONT>
<FONT COLOR="#737373">>> combination of insights from</FONT>
<FONT COLOR="#737373">>> <A HREF="https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java">https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java</A></FONT>
<FONT COLOR="#737373">>> and from the documentation in the user guide.</FONT>
<FONT COLOR="#737373">>></FONT>
<FONT COLOR="#737373">>> That means I'm constructing the URLs myself to invoke the operation. I</FONT>
<FONT COLOR="#737373">>> intend to move to the keycloak-admin-client in the future though.</FONT>
<FONT COLOR="#737373">>></FONT>
<FONT COLOR="#737373">>> I can't find the corresponding REST url(s) to invoke to achieve the same</FONT>
<FONT COLOR="#737373">>> results as you describe in your response below. I think that's what I need.</FONT>
<FONT COLOR="#737373">>> Cheers.</FONT>
<FONT COLOR="#737373">>></FONT>
<FONT COLOR="#737373">>></FONT>
<FONT COLOR="#737373">>> On Mon, 2015-08-03 at 09:13 -0400, Bill Burke wrote:</FONT>
<FONT COLOR="#737373">>>> If you're just using the admin client interfaces its:</FONT>
<FONT COLOR="#737373">>>></FONT>
<FONT COLOR="#737373">>>> realm("realm").users().get("user-id").roles().realmLevel().add(List<RoleRepresentation></FONT>
<FONT COLOR="#737373">>>> rolesToAdd)</FONT>
<FONT COLOR="#737373">>>></FONT>
<FONT COLOR="#737373">>>> On 8/3/2015 9:07 AM, Edem Morny wrote:</FONT>
<FONT COLOR="#737373">>>>> Hi Bill,</FONT>
<FONT COLOR="#737373">>>>></FONT>
<FONT COLOR="#737373">>>>> The adminClient.createUser is my modification of the code situated in</FONT>
<FONT COLOR="#737373">>>>> the AdminClient implementation of the "admin-access-app" in the</FONT>
<FONT COLOR="#737373">>>> examples.</FONT>
<FONT COLOR="#737373">>>>></FONT>
<FONT COLOR="#737373">>>>> Could you point me in the direction of the API calls to do the addition</FONT>
<FONT COLOR="#737373">>>>> of the roles? I had a feeling it might be a subsequent step (like for</FONT>
<FONT COLOR="#737373">>>>> setting the password, which I actually implemented), but I'm struggling</FONT>
<FONT COLOR="#737373">>>>> to find any pointers as to how to do this particular one.</FONT>
<FONT COLOR="#737373">>>>></FONT>
<FONT COLOR="#737373">>>>></FONT>
<FONT COLOR="#737373">>>>> On Mon, 2015-08-03 at 08:36 -0400, Bill Burke wrote:</FONT>
<FONT COLOR="#737373">>>>>> Is adminClient.createUser(...) your own method? There is a different</FONT>
<FONT COLOR="#737373">>>>>> REST API for adding roles.</FONT>
<FONT COLOR="#737373">>>>>></FONT>
<FONT COLOR="#737373">>>>>> create the user</FONT>
<FONT COLOR="#737373">>>>>> then add the roles</FONT>
<FONT COLOR="#737373">>>>>></FONT>
<FONT COLOR="#737373">>>>>> On 8/3/2015 8:23 AM, Edem Morny wrote:</FONT>
<FONT COLOR="#737373">>>>>>> Hi,</FONT>
<FONT COLOR="#737373">>>>>>></FONT>
<FONT COLOR="#737373">>>>>>> We're currently using Keycloak 1.2.0.Final.</FONT>
<FONT COLOR="#737373">>>>>>></FONT>
<FONT COLOR="#737373">>>>>>> We are migrating users from an existing application with it's own</FONT>
<FONT COLOR="#737373">>>> user</FONT>
<FONT COLOR="#737373">>>>>>> management implementation to Keycloak, and have been making extensive</FONT>
<FONT COLOR="#737373">>>>>>> use of the Via the REST api to achieve this. I'm able to create a new</FONT>
<FONT COLOR="#737373">>>>>>> user, set their temporary password and so on. However, I'm</FONT>
<FONT COLOR="#737373">>>> finding that</FONT>
<FONT COLOR="#737373">>>>>>> all our attempts to add the roles to the created user seem not to be</FONT>
<FONT COLOR="#737373">>>>>>> taking effect when we observe the newly created user on the keycloak</FONT>
<FONT COLOR="#737373">>>>>>> side. Here's the code we are trying to use to do this</FONT>
<FONT COLOR="#737373">>>>>>></FONT>
<FONT COLOR="#737373">>>>>>> UserRepresentation user = new UserRepresentation();</FONT>
<FONT COLOR="#737373">>>>>>> user.setUsername(username);</FONT>
<FONT COLOR="#737373">>>>>>> user.setFirstName(employee.getFirstName());</FONT>
<FONT COLOR="#737373">>>>>>> user.setLastName(employee.getLastName());</FONT>
<FONT COLOR="#737373">>>>>>> user.setEmail(employee.getEmail());</FONT>
<FONT COLOR="#737373">>>>>>> user.setEnabled(true);</FONT>
<FONT COLOR="#737373">>>>>>> user.setEmailVerified(false);</FONT>
<FONT COLOR="#737373">>>>>>> List<String> requiredActions = new ArrayList<>();</FONT>
<FONT COLOR="#737373">>>>>>> requiredActions.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());</FONT>
<FONT COLOR="#737373">>>>>>> *List<String> userRoles = getMigrateRoles(employee);*</FONT>
<FONT COLOR="#737373">>>>>>> * user.setRealmRoles(userRoles);*</FONT>
<FONT COLOR="#737373">>>>>>> user.setRequiredActions(requiredActions);</FONT>
<FONT COLOR="#737373">>>>>>> adminClient.createUser(settings.getKeycloackUrl(),</FONT>
<FONT COLOR="#737373">>>>>> settings.getRealm(), access, user);</FONT>
<FONT COLOR="#737373">>>>>>></FONT>
<FONT COLOR="#737373">>>>>>> It seams setting the list of roles to the Realm Roles isn't enough to</FONT>
<FONT COLOR="#737373">>>>>>> the user with these roles. The user gets created alright, but doesn't</FONT>
<FONT COLOR="#737373">>>>>>> come with any roles. Is there any other means by which we can specify</FONT>
<FONT COLOR="#737373">>>>>>> the user roles during the process of account creation?</FONT>
<FONT COLOR="#737373">>>>>>></FONT>
<FONT COLOR="#737373">>>>>>> The migration will be very tedious if we ask the administrators to</FONT>
<FONT COLOR="#737373">>>>>>> manually do the assignment of the user to their roles after our</FONT>
<FONT COLOR="#737373">>>> current</FONT>
<FONT COLOR="#737373">>>>>>> implementation of being able to automatically migrate the user</FONT>
<FONT COLOR="#737373">>>> accounts</FONT>
<FONT COLOR="#737373">>>>>>> themselves to keycloak.</FONT>
<FONT COLOR="#737373">>>>>>></FONT>
<FONT COLOR="#737373">>>>>>></FONT>
<FONT COLOR="#737373">>>>>>> _______________________________________________</FONT>
<FONT COLOR="#737373">>>>>>> keycloak-user mailing list</FONT>
<FONT COLOR="#737373">>>>>>> <A HREF="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</A></FONT>
<FONT COLOR="#737373">>>> <<A HREF="mailto:keycloak-user@lists.jboss.org">mailto:keycloak-user@lists.jboss.org</A>></FONT>
<FONT COLOR="#737373">>>> <<A HREF="mailto:keycloak-user@lists.jboss.org">mailto:keycloak-user@lists.jboss.org</A>></FONT>
<FONT COLOR="#737373">>>>>>> <A HREF="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</A></FONT>
<FONT COLOR="#737373">>>>>>></FONT>
<FONT COLOR="#737373">>>>>></FONT>
<FONT COLOR="#737373">>>>></FONT>
<FONT COLOR="#737373">>>>></FONT>
<FONT COLOR="#737373">>>>> _______________________________________________</FONT>
<FONT COLOR="#737373">>>>> keycloak-user mailing list</FONT>
<FONT COLOR="#737373">>>>> <A HREF="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</A> <<A HREF="mailto:keycloak-user@lists.jboss.org">mailto:keycloak-user@lists.jboss.org</A>></FONT>
<FONT COLOR="#737373">>>>> <A HREF="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</A></FONT>
<FONT COLOR="#737373">>>>></FONT>
<FONT COLOR="#737373">>>></FONT>
<FONT COLOR="#737373">></FONT>
</PRE>
</BLOCKQUOTE>
</BODY>
</HTML>