Just tried it and the returned json for a user is:

   {"id":"354094d6-8b32-4c32-b1ae-ccd82c5fdca3","createdTimestamp":1443710165680,"username":"admin","enabled":true,"totp":false,"emailVerified":false,"attributes":{"locale":["en"]},"requiredActions":[]}

Which doesn't include the roles field. So this is shown because the way you are printing the user, not because it's included on the wire.

On 1 October 2015 at 16:34, Stian Thorgersen <sthorger@redhat.com> wrote:
Is that the json sent on the wire, or is it after you've marshalled it to UserRepresentation and then printed it back again?

On 1 October 2015 at 15:34, Remi Cartier <remi.cartier@imetrik.com> wrote:
yes,

I can see :

[
    {
        "applicationRoles": null,
        "attributes": {
            "key1": [
                "value1"
            ]
        },
        "clientConsents": null,
        "clientRoles": null,
        "createdTimestamp": 1443542144845,
        "credentials": null,
        "email": null,
        "emailVerified": true,
        "enabled": true,
        "federatedIdentities": null,
        "federationLink": null,
        "firstName": "first name",
        "id": "0556717e-ffb9-4c2d-b85b-533d9396f243",
        "lastName": "last name",
        "realmRoles": null,
        "requiredActions": [],
        "self": null,
        "serviceAccountClientId": null,
        "socialLinks": null,
        "totp": false,
        "username": "admin"
    }
]

when doing the query : GET /auth/admin/realms/imetrik/users?first=0&max=2147483647


REMI CARTIER

B.O.S.S. (Business & Operation Support Systems) P.O (Product Owner)

IMETRIK GLOBAL INC. 
T : +1 514 448-6407 x2009
T : +1 866 276-5382 (toll free) 
F : +1 514 904-0611 

740 Notre Dame St. West, Suite 1575 
Montreal, Quebec, Canada H3C 3X6 
imetrik.com

On Oct 1, 2015, at 2:49 AM, Stian Thorgersen <sthorger@redhat.com> wrote:

Sorry, I meant does it include the "roles" field?

On 30 September 2015 at 16:24, Remi Cartier <remi.cartier@imetrik.com> wrote:
The JSON response (string) does NOT contain any roles.

From: Stian Thorgersen [sthorger@redhat.com]
Sent: Wednesday, September 30, 2015 7:39 AM
To: Remi Cartier
Cc: Marek Posolda; keycloak-dev@lists.jboss.org

Subject: Re: [keycloak-dev] Admin REST - User Roles

Does the response actually contain the roles though? You're parsing to UserRepresentation then printing it out afterwards.

On 30 September 2015 at 13:24, Remi Cartier <remi.cartier@imetrik.com> wrote:
Marek,

I see, thank you for your reply.

Wouldn't it be less error/question prone if the endpoint returning all the users wouldn't show the *roles attributes ?
Because they will always be null if I understood correctly.

Regards.

Rémi.

From: Marek Posolda [mposolda@redhat.com]
Sent: Wednesday, September 30, 2015 6:21 AM
To: Remi Cartier; keycloak-dev@lists.jboss.org
Subject: Re: [keycloak-dev] Admin REST - User Roles

Hi,

to retrieve realm role mappings of user, you need to use the endpoint like http://localhost:8080/auth/admin/realms/demo/users/{userid}/role-mappings/realm . See the docs for details: http://keycloak.github.io/docs/rest-api/overview-index.html

Marek

On 29/09/15 19:06, Remi Cartier wrote:
Hi guys,

first of all, thank you for that great piece of software, it’s amazing !

Now, down to business.

When I do :

        keycloak = Keycloak.getInstance(getKeycloakServerURL(), getKeycloakRealm(), getKeycloakRealmAdminUsername(), getKeycloakRealmAdminPassword(), getKeycloakClientId());
        for (UserRepresentation userRepresentation : keycloak.realm(getKeycloakRealm()).users().search(null, 0, Integer.MAX_VALUE)) {
            log.info(ToStringBuilder.reflectionToString(userRepresentation, ToStringStyle.JSON_STYLE));
        }

The information I get does not contain any roles, all the roles related fields are ‘null’. - 

{"self":null,"id":"0556717e-ffb9-4c2d-b85b-533d9396f243","createdTimestamp":1443542144845,"username":"admin","enabled":true,"totp":false,"emailVerified":true,"firstName":"first name","lastName":"last name","email":null,"federationLink":null,"serviceAccountClientId":null,"attributes":{key1=[value1]},"credentials":null,"requiredActions":[],"federatedIdentities":null,"realmRoles":null,"clientRoles":null,"clientConsents":null,"applicationRoles":null,"socialLinks":null}
However in the admin interface I have setup roles at each layer : realm, client

The user I am using to do the queries has all the *realm* roles associated.

is there anything else I need to do ?

thank you for your help !


REMI CARTIER

B.O.S.S. (Business & Operation Support Systems) P.O (Product Owner)

IMETRIK GLOBAL INC. 
T : +1 514 448-6407 x2009
T : +1 866 276-5382 (toll free) 
F : +1 514 904-0611 

740 Notre Dame St. West, Suite 1575 
Montreal, Quebec, Canada H3C 3X6 
imetrik.com 



_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev


_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev