6:02 a.m.
Hi all,
I have defined several groups in Keycloak 3.0.0.Final with some users and
via the java library I make rest calls to retrieve the list of users via
realmResource.users().search(), but the response does not contain the
groups info (UserRepresentation.getGroups() is null)?
So I added a client mapper of type Group Membership with claim name
myGroups (add to ID token, access token and userinfo). After a login into
the application I do have an otherClaims of myGroups with the groupnames
the user belongs to. But the rest call response does not contain the info (
UserRepresentation.getAttributes() is null)
Also the group attributes (with a new mapper) do not appear in the response
of the rest call. It seems that only individual user attributes are
returned in the rest call response? Is this by design?
I know there is the possibility to extend the rest api via a custom
provider, but this seem cumbersome to just know to which group the user
belongs to...
Currently I query for each group the members separately via
realmResource.groups().group(groupid).members(). This is kind of ok as
there are currently only 4 groups.
Kind regards,
Dirk Franssen
1:57 a.m.
On 18/06/17 13:02, Dirk Franssen wrote:
Hi all,
I have defined several groups in Keycloak 3.0.0.Final with some users and
via the java library I make rest calls to retrieve the list of users via
realmResource.users().search(), but the response does not contain the
groups info (UserRepresentation.getGroups() is null)?
There is separate REST
endpoint for it. You can try to explore our admin
console and see what HTTP requests it is sending when you display group
memberships of user (admin console is just angular application backed by
admin REST API).
So I added a client mapper of type Group Membership with claim name
myGroups (add to ID token, access token and userinfo). After a login into
the application I do have an otherClaims of myGroups with the groupnames
the user belongs to. But the rest call response does not contain the info (
UserRepresentation.getAttributes() is null)
Also the group attributes (with a new mapper) do not appear in the response
of the rest call. It seems that only individual user attributes are
returned in the rest call response? Is this by design?
Yes. However once user
authenticate, you will see all his attributes in
the token as expected, including the attributes inherited through group
mapping.
Maybe our admin console and admin REST API could be a bit clever and
optionally display also attributes inherited through groups. Feel free
to create JIRA. However not sure about priority of this...
Marek
I know there is the possibility to extend the rest api via a custom
provider, but this seem cumbersome to just know to which group the user
belongs to...
Currently I query for each group the members separately via
realmResource.groups().group(groupid).members(). This is kind of ok as
there are currently only 4 groups.
Kind regards,
Dirk Franssen
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2761
days inactive
2762
days old
1 comments
2 participants
participants (2)
-
Dirk Franssen -
Marek Posolda