If you're just using the admin client interfaces its: realm("realm").users().get("user-id").roles().realmLevel().add(List<RoleRepresentation> rolesToAdd) On 8/3/2015 9:07 AM, Edem Morny wrote: > Hi Bill, > > The adminClient.createUser is my modification of the code situated in > the AdminClient implementation of the "admin-access-app" in the examples. > > Could you point me in the direction of the API calls to do the addition > of the roles? I had a feeling it might be a subsequent step (like for > setting the password, which I actually implemented), but I'm struggling > to find any pointers as to how to do this particular one. > > > On Mon, 2015-08-03 at 08:36 -0400, Bill Burke wrote: >> Is adminClient.createUser(...) your own method? There is a different >> REST API for adding roles. >> >> create the user >> then add the roles >> >> On 8/3/2015 8:23 AM, Edem Morny wrote: >> > Hi, >> > >> > We're currently using Keycloak 1.2.0.Final. >> > >> > We are migrating users from an existing application with it's own user >> > management implementation to Keycloak, and have been making extensive >> > use of the Via the REST api to achieve this. I'm able to create a new >> > user, set their temporary password and so on. However, I'm finding that >> > all our attempts to add the roles to the created user seem not to be >> > taking effect when we observe the newly created user on the keycloak >> > side. Here's the code we are trying to use to do this >> > >> > UserRepresentation user = new UserRepresentation(); >> > user.setUsername(username); >> > user.setFirstName(employee.getFirstName()); >> > user.setLastName(employee.getLastName()); >> > user.setEmail(employee.getEmail()); >> > user.setEnabled(true); >> > user.setEmailVerified(false); >> > List<String> requiredActions = new ArrayList<>(); >> > requiredActions.add(UserModel.RequiredAction.UPDATE_PASSWORD.name()); >> > *List<String> userRoles = getMigrateRoles(employee);* >> > * user.setRealmRoles(userRoles);* >> > user.setRequiredActions(requiredActions); >> > adminClient.createUser(settings.getKeycloackUrl(), >> settings.getRealm(), access, user); >> > >> > It seams setting the list of roles to the Realm Roles isn't enough to >> > the user with these roles. The user gets created alright, but doesn't >> > come with any roles. Is there any other means by which we can specify >> > the user roles during the process of account creation? >> > >> > The migration will be very tedious if we ask the administrators to >> > manually do the assignment of the user to their roles after our current >> > implementation of being able to automatically migrate the user accounts >> > themselves to keycloak. >> > >> > >> > _______________________________________________ >> > keycloak-user mailing list >> > keycloak-user@lists.jboss.org <mailto:keycloak-user@lists.jboss.org> >> > https://lists.jboss.org/mailman/listinfo/keycloak-user >> > >> > > > _______________________________________________ > keycloak-user mailing list > keycloak-user@lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user >