Hi Firoz,

Thanks for the answer, but I could not achieve the expected result.
First of all, I am using Keycloak-4.4.0.Final and I could not find the Role
Mappings tab for the client.

Here are the steps I followed:

- I went to the Master realm and created the user *sysAdmin*, then on the left of
  the user page >> Role Mapping >> Client Roles >> in the drop-down menu I found
  the client from the Master realm only, but not from the other realms. So I
  assigned to the master-realm all the roles inside.
- In the other realm I have a client with these values:
    <secure-deployment name="WAR MODULE NAME.war">
        <realm>Nosg-Realm</realm>
        <auth-server-url>http://localhost:8180/auth</auth-server-url>
        <ssl-required>EXTERNAL</ssl-required>
        <resource>whereoil-rest-api</resource>
        <credential name="secret">4ab9fac1-xxxxxxx-xxxxxxx-xxxxxxxxxx</credential>
        <use-resource-role-mappings>true</use-resource-role-mappings>
    </secure-deployment>
- I am using the Java client to fetch the list of all users and roles via this code:

    Keycloak keycloak = KeycloakBuilder.builder()
        .serverUrl("http://localhost:8180/auth")
        .realm("Nosg-Realm")
        .grantType(OAuth2Constants.PASSWORD)
        .clientId("whereoil-rest-api")
        .clientSecret(" 4ab9fac1-xxxxxxx-xxxxxxx-xxxxxxxxxx ")
        .username("sysadmin") // master realm user
        .password("xxxxx")
        .build();
    RealmResource realmResource = keycloak.realm("Nosg-Realm");
    realmResource.users().search("User from Nosg-Realm");

I hope this could clarify it more
Best regards
Fateh Alchhabi

On Fri, Mar 15, 2019 at 2:11 PM Firoz Ahamed <firozpalapra(a)outlook.com> wrote:

Hi,
You could create a new user in the master realm and assign the Realm
management roles for the specific realm using the Role Mappings tab ->
Client Role. In order to manage the other realm, get the token for the
newly created user from the master realm and then send that token in your
API calls.
The ability to assign realm management for other realms is only available
for users in the master realm.
Hope this helps.
------------------------------
*From:* keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org> on behalf of Fateh <fateh.alchhabi(a)gmail.com>
*Sent:* Friday, March 15, 2019 6:25:25 PM
*To:* keycloak-user(a)lists.jboss.org
*Subject:* [keycloak-user] Exclude a user with realm-management role from keycloak's password policy

Problem: I have a user with the Client Roles realm-management in a realm called
xx, which contains a password policy.
I want to exclude this user from the password policy, since this user is
responsible for fetching the roles and users and doing some updates via the Java API,
and I don't want all the operations to stop until we update the user's
password when the password policy is triggered.
PS: I tried to use the admin user from the master realm; I couldn't get
data out of the master realm.
I would appreciate any help or ideas.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
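
The approach in Firoz's reply, sketched with the Keycloak Java admin client as an added example that is not part of the original thread: the token is requested from the master realm, and only the managed realm is Nosg-Realm. Assumptions: the built-in `admin-cli` client in the master realm is used to log in, the password comes from a hypothetical `KC_SYSADMIN_PASSWORD` environment variable, the searched username is a placeholder, and `sysadmin` has already been given the realm-management roles for Nosg-Realm in its Role Mappings.

```java
import java.util.List;

import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

public class CrossRealmAdminExample {

    public static void main(String[] args) {
        // Assumption: the password is injected at runtime, not hard-coded.
        String password = System.getenv("KC_SYSADMIN_PASSWORD");
        if (password == null || password.isEmpty()) {
            throw new IllegalStateException("KC_SYSADMIN_PASSWORD is not set");
        }

        // Authenticate where the user lives: the master realm.
        // Assumption: "admin-cli" is the public client used for the login.
        Keycloak keycloak = KeycloakBuilder.builder()
            .serverUrl("http://localhost:8180/auth")
            .realm("master")
            .grantType(OAuth2Constants.PASSWORD)
            .clientId("admin-cli")
            .username("sysadmin")
            .password(password)
            .build();

        try {
            // The master-realm token is then used to manage the other realm.
            RealmResource target = keycloak.realm("Nosg-Realm");

            // "some-username" is a placeholder for a user in Nosg-Realm.
            List<UserRepresentation> users = target.users().search("some-username");
            for (UserRepresentation user : users) {
                System.out.println("user: " + user.getUsername() + " id=" + user.getId());
            }

            List<RoleRepresentation> roles = target.roles().list();
            for (RoleRepresentation role : roles) {
                System.out.println("realm role: " + role.getName());
            }
        } finally {
            keycloak.close(); // release the underlying HTTP client
        }
    }
}
```

The difference from the code in the message above is only where the token is obtained: `.realm("master")` in the builder, `keycloak.realm("Nosg-Realm")` for the resources being managed.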