Is adminClient.createUser(...) your own method? There is a different
REST API for adding roles.
create the user
then add the roles
On 8/3/2015 8:23 AM, Edem Morny wrote:
Hi,
We're currently using Keycloak 1.2.0.Final.
We are migrating users from an existing application with it's own user
management implementation to Keycloak, and have been making extensive
use of the Via the REST api to achieve this. I'm able to create a new
user, set their temporary password and so on. However, I'm finding that
all our attempts to add the roles to the created user seem not to be
taking effect when we observe the newly created user on the keycloak
side. Here's the code we are trying to use to do this
UserRepresentation user = new UserRepresentation();
user.setUsername(username);
user.setFirstName(employee.getFirstName());
user.setLastName(employee.getLastName());
user.setEmail(employee.getEmail());
user.setEnabled(true);
user.setEmailVerified(false);
List<String> requiredActions = new ArrayList<>();
requiredActions.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
*List<String> userRoles = getMigrateRoles(employee);*
* user.setRealmRoles(userRoles);*
user.setRequiredActions(requiredActions);
adminClient.createUser(settings.getKeycloackUrl(), settings.getRealm(), access,
user);
It seams setting the list of roles to the Realm Roles isn't enough to
the user with these roles. The user gets created alright, but doesn't
come with any roles. Is there any other means by which we can specify
the user roles during the process of account creation?
The migration will be very tedious if we ask the administrators to
manually do the assignment of the user to their roles after our current
implementation of being able to automatically migrate the user accounts
themselves to keycloak.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com