http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/users/%7...
On 8/3/2015 9:48 AM, Edem Morny wrote:
> Hi,
>
> Sorry Bill, I think I'm confusing matters here. The AdminClient I'm
> referring to is not the keycloak-admin-client.jar but rather a
> combination of insights from
>
https://github.com/keycloak/keycloak/blob/master/examples/demo-template/a...
> and from the documentation in the user guide.
>
> That means I'm constructing the URLs myself to invoke the operation. I
> intend to move to the keycloak-admin-client in the future though.
>
> I can't find the corresponding REST url(s) to invoke to achieve the same
> results as you describe in your response below. I think that's what I need.
> Cheers.
>
>
> On Mon, 2015-08-03 at 09:13 -0400, Bill Burke wrote:
>> If you're just using the admin client interfaces its:
>>
>>
realm("realm").users().get("user-id").roles().realmLevel().add(List<RoleRepresentation>
>> rolesToAdd)
>>
>> On 8/3/2015 9:07 AM, Edem Morny wrote:
>>> Hi Bill,
>>>
>>> The adminClient.createUser is my modification of the code situated in
>>> the AdminClient implementation of the "admin-access-app" in the
>> examples.
>>>
>>> Could you point me in the direction of the API calls to do the addition
>>> of the roles? I had a feeling it might be a subsequent step (like for
>>> setting the password, which I actually implemented), but I'm struggling
>>> to find any pointers as to how to do this particular one.
>>>
>>>
>>> On Mon, 2015-08-03 at 08:36 -0400, Bill Burke wrote:
>>>> Is adminClient.createUser(...) your own method? There is a different
>>>> REST API for adding roles.
>>>>
>>>> create the user
>>>> then add the roles
>>>>
>>>> On 8/3/2015 8:23 AM, Edem Morny wrote:
>>>>> Hi,
>>>>>
>>>>> We're currently using Keycloak 1.2.0.Final.
>>>>>
>>>>> We are migrating users from an existing application with it's
own
>> user
>>>>> management implementation to Keycloak, and have been making
extensive
>>>>> use of the Via the REST api to achieve this. I'm able to create a
new
>>>>> user, set their temporary password and so on. However, I'm
>> finding that
>>>>> all our attempts to add the roles to the created user seem not to be
>>>>> taking effect when we observe the newly created user on the keycloak
>>>>> side. Here's the code we are trying to use to do this
>>>>>
>>>>> UserRepresentation user = new UserRepresentation();
>>>>> user.setUsername(username);
>>>>> user.setFirstName(employee.getFirstName());
>>>>> user.setLastName(employee.getLastName());
>>>>> user.setEmail(employee.getEmail());
>>>>> user.setEnabled(true);
>>>>> user.setEmailVerified(false);
>>>>> List<String> requiredActions = new ArrayList<>();
>>>>>
requiredActions.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
>>>>> *List<String> userRoles = getMigrateRoles(employee);*
>>>>> * user.setRealmRoles(userRoles);*
>>>>> user.setRequiredActions(requiredActions);
>>>>> adminClient.createUser(settings.getKeycloackUrl(),
>>>> settings.getRealm(), access, user);
>>>>>
>>>>> It seams setting the list of roles to the Realm Roles isn't
enough to
>>>>> the user with these roles. The user gets created alright, but
doesn't
>>>>> come with any roles. Is there any other means by which we can
specify
>>>>> the user roles during the process of account creation?
>>>>>
>>>>> The migration will be very tedious if we ask the administrators to
>>>>> manually do the assignment of the user to their roles after our
>> current
>>>>> implementation of being able to automatically migrate the user
>> accounts
>>>>> themselves to keycloak.
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user(a)lists.jboss.org
>> <mailto:keycloak-user@lists.jboss.org>
>> <mailto:keycloak-user@lists.jboss.org>
>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>