Hi,

I think you're supposed to send the list of roles (JSON array), but you're instead sending the object. I think the stuff like "realm", "id" and "client" is not needed in your last request, just send the list of roles instead.

Btv. you can take a look at docs http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/users/%7Bid%7D/role-mappings/clients/%7Bclient%7D/index.html#POST . What should help is also to install some plugin to decode requests to your browser (like Firebug in Firefox) and then do some actions in keycloak admin console (like assign some client role to some user) and then analyze how the request for assign roles should look like, what's the format of data etc. Admin console is angular application, which uses REST requests to admin REST API under the hood.

Marek

On 12.8.2015 18:56, Christopher Davies wrote:
I am trying to write  a test harness for out application which uses KeyCloak.
In order to run my tests I need to manipulate KeyCloak.

I am able to get data out of KeyCloak using the REST API. However I am unclear what I should send to KeyCloak to change a setting.

I was trying to set the role for a user and wrote the script at the bottom of the email.

I get back an error of org.codehaus.jackson.map.JsonMappingException: Can not deserialize instance of java.util.ArrayList out of START_OBJECT token
 at [Source: io.undertow.servlet.spec.ServletInputStreamImpl@73cda37e; line: 1, column: 1]

I have obviously missed a key point in the format of my data, but cannot see what it is.


Chris




---------------------------------------
#!/bin/bash

host=192.168.10.221:8088
realm=ATS-ci


t=$(curl -X POST http://${host}/auth/realms/${realm}/protocol/openid-connect/token --data "username=${1}" --data "password=${2}" --data "grant_type=password" --data "client_id=client" 2>/dev/null | jq -r ".id_token")

client=$(curl http://${host}/auth/admin/realms/${realm}/clients -H "Accept: application/json" -H "Authorization: Bearer ${t}" 2>/dev/null | jq -r ".[] | select(.name == \"client\").id")
user=$(curl http://${host}/auth/admin/realms/${realm}/users -H "Accept: application/json" -H "Authorization: Bearer ${t}" 2>/dev/null | jq -r ".[] | select(.username == \"${3}\").id")

echo ${client}
echo ${user}

echo "Roles"
curl http://${host}/auth/admin/realms/${realm}/clients/${client}/roles \
-H "Accept: application/json" \
-H "Authorization: Bearer ${t}" 2>/dev/null  | jq -r ".[] | {id, name }"

echo ""
echo "Roles:${3}"
curl http://${host}/auth/admin/realms/${realm}/users/${user}/role-mappings/clients/${client} \
-H "Accept: application/json" \
-H "Authorization: Bearer ${t}" 2>/dev/null | jq -r ".[] | {id, name }"


curl http://${host}/auth/admin/realms/${realm}/users/${user}/role-mappings/clients/${client} \
-X POST \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "Authorization: Bearer ${t}" \
--data "{'realm': 'ATS-${realm}', 'id': '${user}', 'client': '${client}', '\$entity': [ 'operator' ] }"


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user