Addendum:
The "resource_access" token claim can be set with the builtin "client
roles" mapper by assigning the needed roles to the service or user accounts AND
having in the issuing client registration's scope mappings EITHER "Full Scope
Allowed" turned on OR the assigned roles matching the needed roles.
On 7 May 2019, at 2:02 pm, Gary Kennedy <gary(a)apnic.net> wrote:
I'm pretty sure this is similar to the problem I'm having, and I'm also
pretty sure that you need to either:
- add the assigned roles needed for the admin API call (e.g., as Sebastien wrote) to the
  service or user account;
  AND ensure the token is issued for the admin clients (either "admin-cli" or
  "security-admin-console" by default)
  (i.e., the "azp" claim is either "admin-cli" or "security-admin-console")
OR
- if the token is NOT issued for the admin clients, the token needs a
  "resource_access" claim which is a map containing the
  "realm-management" key with a map value having a "roles" key which is
  an array of role name strings, e.g.:

  "resource_access": {
    "realm-management": {
      "roles": [ "manage-users" ]
    }
  }

Cheers,
Gary
> On 7 May 2019, at 2:54 am, Sebastien Blanc <sblanc(a)redhat.com> wrote:
>
> Give your user the "manage-users" role, you can do that from the Role
> Mappings tab in the user screen and select in "client roles" =>
> "realm-management" and there you should see the role "manage-users" and
> assign it.
>
>
>
> On Mon, May 6, 2019 at 5:45 PM Christophe Lehingue <clehingue(a)gmail.com>
> wrote:
>
>> Hello, how do I configure a client so that the user can use the user removal
>> API?
>>
>> [DELETE]:
>> https://keycloaksrv.fr/auth/admin/realms/myclient/users/fdskgjdkdjkgjf-sd...
>>
>> Whenever I try to call this REST request, I get the following error
>> message: "resulted in a 401/403 Unauthorized"
>>
>> Can you help me?
>>
>> Thank you
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
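The two cases described in this thread, written as a token check. This is an example added here, not code from the thread or from Keycloak: it decodes an access token's payload without verifying the signature (troubleshooting only) and reports which case the token falls under. The function names, the "my-app" client id and the sample tokens are constructed for illustration.

```python
import base64
import json

# Default admin clients named in the thread.
ADMIN_CLIENTS = {"admin-cli", "security-admin-console"}

def jwt_claims(token):
    """Decode a compact JWT's payload WITHOUT verifying the signature.
    Troubleshooting only: never make an access decision on the result."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def diagnose(claims, needed_role="manage-users"):
    """Classify a token against the two cases described in the thread."""
    access = claims.get("resource_access")
    rm = access.get("realm-management") if isinstance(access, dict) else None
    roles = rm.get("roles") if isinstance(rm, dict) else None
    if isinstance(roles, list) and needed_role in roles:
        return "role-in-token"    # resource_access carries the role
    azp = claims.get("azp")
    if isinstance(azp, str) and azp in ADMIN_CLIENTS:
        return "admin-client"     # role must still be assigned to the account
    return "missing-role"         # check role assignment and scope mappings

def sample_token(claims):
    """Build a constructed, unsigned sample token (placeholder signature)."""
    enc = lambda o: base64.urlsafe_b64encode(
        json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

if __name__ == "__main__":
    samples = {  # constructed claims; "my-app" is a hypothetical client id
        "custom client, role mapped": {"azp": "my-app", "resource_access": {
            "realm-management": {"roles": ["manage-users"]}}},
        "admin client": {"azp": "admin-cli"},
        "custom client, no role": {"azp": "my-app", "resource_access": {
            "account": {"roles": ["view-profile"]}}},
    }
    for label, claims in samples.items():
        print(label, "->", diagnose(jwt_claims(sample_token(claims))))
```

A "missing-role" result on a token from a non-admin client points back to the addendum: the role is either not assigned to the account or is filtered out by the issuing client's scope mappings.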