<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">I agree with improving the docs as
you're not alone who ran into this kind of issue with admin REST
API. Can you please create JIRA for this and link with this
discussion?<br>
<br>
Thanks,<br>
Marek<br>
<br>
<br>
On 09/08/16 15:19, Tom Pearson wrote:<br>
</div>
<blockquote
cite="mid:CALHbiGLJ_JC_oQU5Uu7+6F1OwjR0sS5U95r7eoBqDi0KcZXp+A@mail.gmail.com"
type="cite">
<div dir="ltr">I ran into the same issue with the realm roles. The
problem is that the documentation for methods such as <a
moz-do-not-send="true"
href="http://www.keycloak.org/docs/rest-api/index.html#_get_represenation_of_the_user">getUser</a> should
make it clear that the UserRepresentation returns only a subset
of the fields. The same goes for creating a user - certain
fields in the UserRepresentation such as roles, password are
ignored. </div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2016-08-09 15:04 GMT+02:00 Marek
Posolda <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span class="">
<div>On 09/08/16 11:48, NEMECKAY Marek wrote:<br>
</div>
<blockquote type="cite"> <font face="Calibri" size="2"><span
style="font-size:11pt">
<div>Dear all,</div>
<div> </div>
<div>We are facing a problem with retrieving the
client roles from Keycloak. In our
implementation we are using the following API to
find a retrieve user data via username:</div>
<div><a moz-do-not-send="true"
href="http://www.keycloak.org/docs/rest-api/index.html#_get_users"
target="_blank"><font color="blue"><u>http://www.keycloak.org/docs/<wbr>rest-api/index.html#_get_users</u></font></a></div>
</span></font></blockquote>
</span><font color="blue"><font size="2"><font
face="Calibri"><u>It seems that you need different
admin REST endpoint to get the client role
mappings of user. It's this one : </u></font></font></font><br>
<pre>GET /admin/realms/{realm}/users/{<wbr>id}/role-mappings/clients/{<wbr>client}
Marek
</pre>
<blockquote type="cite"><span class=""><font face="Calibri" size="2"><span style="font-size:11pt">
<div> </div>
<div>In the retrieved <a moz-do-not-send="true" href="http://www.keycloak.org/docs/rest-api/index.html" target="_blank"><font color="blue"><u>UserRepresentation</u></font></a> object
instance the property clientRoles is always null. We are
using Keycloak 1.9.8 connected to a LDAP server for user
federation. We are connecting a receiving the access token
with a admin-user of the corresponding realm. This works
just fine. We are also receiving user data like name, e-mail
etc., but the client roles are always null. The mappers to
sync roles between Keycloak
and LDAP are also defined and working. </div>
<div> </div>
<div>Is there anything else we have overlooked or we should
check?</div>
<div> </div>
<div>Thanks and BR,</div>
<div>Marek</div>
<div> </div>
</span></font>
<fieldset></fieldset>
</span><pre>______________________________<wbr>_________________
keycloak-user mailing list
<a moz-do-not-send="true" href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-user</a></pre>
</blockquote>
</div>
______________________________<wbr>_________________
keycloak-user mailing list
<a moz-do-not-send="true" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-user</a>
</blockquote></div>
</div>
</blockquote>
</body></html>