Hello,
To assign client or realm roles you need to use the dedicated sub-resources of
the user resource; role mappings sent inside the user representation on create
are not applied. The following example creates a new user and assigns a realm
role and a client role via the Keycloak Admin Client API:
package de.tdlabs.keycloak.client;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import javax.ws.rs.core.Response;

import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
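/**
 * Creates a user through the Keycloak Admin Client and assigns it a realm role,
 * a client role and an initial password.
 *
 * <p>Role mappings are not taken from the user representation on create; they are
 * applied afterwards through the {@code roles()} sub-resource of the created user,
 * which is what this example demonstrates.
 *
 * <p>The admin client's secret is read from the {@code KEYCLOAK_CLIENT_SECRET}
 * environment variable (name chosen for this example) instead of being embedded
 * in the source, so the listing can be committed without leaking a credential.
 */
public class KeycloakClientExample {

    /**
     * Entry point: connects with client credentials, creates {@code tester1},
     * maps the realm role {@code tester} and the {@code app1} client role
     * {@code user}, and sets a non-temporary password.
     *
     * @param args unused
     * @throws IllegalStateException if the client secret is not configured,
     *         the user could not be created, or the {@code app1} client is missing
     */
    public static void main(String[] args) {
        String serverUrl = "http://localhost:8081/auth";
        String realm = "acme";
        String clientId = "idm-client";
        String clientSecret = requireEnv("KEYCLOAK_CLIENT_SECRET");

        Keycloak keycloak = KeycloakBuilder.builder()
                .serverUrl(serverUrl)
                .realm(realm)
                .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
                .clientId(clientId)
                .clientSecret(clientSecret)
                .build();

        UserRepresentation user = new UserRepresentation();
        user.setEnabled(true);
        user.setUsername("tester1");
        user.setEmail("tom+tester1@localhost");
        user.setAttributes(Collections.singletonMap("origin", Arrays.asList("demo")));

        RealmResource realmResource = keycloak.realm(realm);
        UsersResource usersResource = realmResource.users();

        String userId = createUser(usersResource, user);

        // Realm-level role mapping goes through the user's roles() sub-resource.
        RoleRepresentation testerRealmRole =
                realmResource.roles().get("tester").toRepresentation();
        usersResource.get(userId).roles().realmLevel()
                .add(Collections.singletonList(testerRealmRole));

        // Client-level role mapping is keyed by the client's internal id, not its clientId.
        ClientRepresentation app1Client = findClient(realmResource, "app1");
        RoleRepresentation userClientRole = realmResource.clients().get(app1Client.getId())
                .roles().get("user").toRepresentation();
        usersResource.get(userId).roles().clientLevel(app1Client.getId())
                .add(Collections.singletonList(userClientRole));

        // Demo password for the example user; a real deployment would not hard-code one.
        CredentialRepresentation passwordCred = new CredentialRepresentation();
        passwordCred.setTemporary(false);
        passwordCred.setType(CredentialRepresentation.PASSWORD);
        passwordCred.setValue("test");
        usersResource.get(userId).resetPassword(passwordCred);
    }

    /**
     * Creates the user and returns the id Keycloak assigned to it.
     *
     * <p>The admin API reports the new user only via the {@code Location} header of a
     * {@code 201 Created} response, so the status is verified before the id is taken
     * from the last path segment. The response is closed in every case so the
     * underlying connection is released.
     *
     * @param users the realm's users resource
     * @param user  the representation to create
     * @return the id of the created user
     * @throws IllegalStateException if the server did not answer with {@code 201 Created}
     */
    private static String createUser(UsersResource users, UserRepresentation user) {
        Response response = users.create(user);
        try {
            if (response.getStatus() != Response.Status.CREATED.getStatusCode()) {
                throw new IllegalStateException(
                        "User creation failed with HTTP status " + response.getStatus());
            }
            System.out.println(response.getLocation());
            String path = response.getLocation().getPath();
            return path.substring(path.lastIndexOf('/') + 1);
        } finally {
            response.close();
        }
    }

    /**
     * Looks up a client by its {@code clientId}.
     *
     * @param realmResource the realm to search in
     * @param clientId      the public client identifier (not the internal uuid)
     * @return the matching client representation
     * @throws IllegalStateException if no client with that {@code clientId} exists
     */
    private static ClientRepresentation findClient(RealmResource realmResource, String clientId) {
        List<ClientRepresentation> clients = realmResource.clients().findByClientId(clientId);
        if (clients.isEmpty()) {
            throw new IllegalStateException("No client with clientId '" + clientId + "' found");
        }
        return clients.get(0);
    }

    /**
     * Reads a required configuration value from the environment.
     *
     * @param name the environment variable name
     * @return the variable's value
     * @throws IllegalStateException if the variable is unset or blank
     */
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Environment variable " + name + " must be set");
        }
        return value;
    }
}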
Cheers,
Thomas
2017-03-10 16:07 GMT+01:00 Sven Thoms <sven.thoms(a)gmail.com>:
I am having trouble adding a default client role when posting a new user to
the Admin REST interface. According to one piece of data-migration code, it
should work:
https://github.com/keycloak/keycloak/blob/1aeec2a83c6677cd7dcfccb6ba2c39
d10143b920/examples/authz/photoz/photoz-realm.json
curl -v -X POST \
-H "Content-Type:application/json" \
-H 'Authorization: bearer xxxx' \
-d '{
"username": "my_user",
"enabled": true,
"credentials": [
{
"value" : "my_password",
"temporary" : false
} ],
"realmRoles": [
"offline_access", "uma_authorization"
],
"clientRoles": {
"realm-management": [
"view-clients"
]
}
}' \
https://mydomain/auth/admin/realms/myrealm/users
The new user is created, but role mappings are not assigned. Is this
another case of Admin REST API and AuthZ not working together?