Sorry, its this: http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/users/%7Bid%7D/role-mappings/realm/index.html#POST On 8/3/2015 9:51 AM, Bill Burke wrote: > http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/users/%7Bid%7D/role-mappings/clients/%7Bclient%7D/index.html > > On 8/3/2015 9:48 AM, Edem Morny wrote: >> Hi, >> >> Sorry Bill, I think I'm confusing matters here. The AdminClient I'm >> referring to is not the keycloak-admin-client.jar but rather a >> combination of insights from >> https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java >> and from the documentation in the user guide. >> >> That means I'm constructing the URLs myself to invoke the operation. I >> intend to move to the keycloak-admin-client in the future though. >> >> I can't find the corresponding REST url(s) to invoke to achieve the same >> results as you describe in your response below. I think that's what I need. >> Cheers. >> >> >> On Mon, 2015-08-03 at 09:13 -0400, Bill Burke wrote: >>> If you're just using the admin client interfaces its: >>> >>> realm("realm").users().get("user-id").roles().realmLevel().add(List<RoleRepresentation> >>> rolesToAdd) >>> >>> On 8/3/2015 9:07 AM, Edem Morny wrote: >>>> Hi Bill, >>>> >>>> The adminClient.createUser is my modification of the code situated in >>>> the AdminClient implementation of the "admin-access-app" in the >>> examples. >>>> >>>> Could you point me in the direction of the API calls to do the addition >>>> of the roles? I had a feeling it might be a subsequent step (like for >>>> setting the password, which I actually implemented), but I'm struggling >>>> to find any pointers as to how to do this particular one. >>>> >>>> >>>> On Mon, 2015-08-03 at 08:36 -0400, Bill Burke wrote: >>>>> Is adminClient.createUser(...) your own method? There is a different >>>>> REST API for adding roles. >>>>> >>>>> create the user >>>>> then add the roles >>>>> >>>>> On 8/3/2015 8:23 AM, Edem Morny wrote: >>>>>> Hi, >>>>>> >>>>>> We're currently using Keycloak 1.2.0.Final. >>>>>> >>>>>> We are migrating users from an existing application with it's own >>> user >>>>>> management implementation to Keycloak, and have been making extensive >>>>>> use of the Via the REST api to achieve this. I'm able to create a new >>>>>> user, set their temporary password and so on. However, I'm >>> finding that >>>>>> all our attempts to add the roles to the created user seem not to be >>>>>> taking effect when we observe the newly created user on the keycloak >>>>>> side. Here's the code we are trying to use to do this >>>>>> >>>>>> UserRepresentation user = new UserRepresentation(); >>>>>> user.setUsername(username); >>>>>> user.setFirstName(employee.getFirstName()); >>>>>> user.setLastName(employee.getLastName()); >>>>>> user.setEmail(employee.getEmail()); >>>>>> user.setEnabled(true); >>>>>> user.setEmailVerified(false); >>>>>> List<String> requiredActions = new ArrayList<>(); >>>>>> requiredActions.add(UserModel.RequiredAction.UPDATE_PASSWORD.name()); >>>>>> *List<String> userRoles = getMigrateRoles(employee);* >>>>>> * user.setRealmRoles(userRoles);* >>>>>> user.setRequiredActions(requiredActions); >>>>>> adminClient.createUser(settings.getKeycloackUrl(), >>>>> settings.getRealm(), access, user); >>>>>> >>>>>> It seams setting the list of roles to the Realm Roles isn't enough to >>>>>> the user with these roles. The user gets created alright, but doesn't >>>>>> come with any roles. Is there any other means by which we can specify >>>>>> the user roles during the process of account creation? >>>>>> >>>>>> The migration will be very tedious if we ask the administrators to >>>>>> manually do the assignment of the user to their roles after our >>> current >>>>>> implementation of being able to automatically migrate the user >>> accounts >>>>>> themselves to keycloak. >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> keycloak-user mailing list >>>>>> keycloak-user@lists.jboss.org >>> <mailto:keycloak-user@lists.jboss.org> >>> <mailto:keycloak-user@lists.jboss.org> >>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>> >>>>> >>>> >>>> >>>> _______________________________________________ >>>> keycloak-user mailing list >>>> keycloak-user@lists.jboss.org <mailto:keycloak-user@lists.jboss.org> >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>> >>> >