[keycloak-dev] Admin REST - User Roles
Stian Thorgersen
sthorger at redhat.com
Thu Oct 1 10:34:47 EDT 2015
Is that the json sent on the wire, or is it after you've marshalled it to
UserRepresentation and then printed it back again?
On 1 October 2015 at 15:34, Remi Cartier <remi.cartier at imetrik.com> wrote:
> yes,
>
> I can see :
>
> [
> {
> "applicationRoles": null,
> "attributes": {
> "key1": [
> "value1"
> ]
> },
> "clientConsents": null,
> "clientRoles": null,
> "createdTimestamp": 1443542144845,
> "credentials": null,
> "email": null,
> "emailVerified": true,
> "enabled": true,
> "federatedIdentities": null,
> "federationLink": null,
> "firstName": "first name",
> "id": "0556717e-ffb9-4c2d-b85b-533d9396f243",
> "lastName": "last name",
> "realmRoles": null,
> "requiredActions": [],
> "self": null,
> "serviceAccountClientId": null,
> "socialLinks": null,
> "totp": false,
> "username": "admin"
> }
> ]
>
> when doing the query : GET /auth/admin/realms/imetrik/users?first=0&max=
> 2147483647
>
> ------------------------------
>
>
> REMI CARTIER
> B.O.S.S. (Business & Operation Support Systems) P.O (Product Owner)
>
> *IMETRIK GLOBAL INC.*
> *T :* +1 514 448-6407 x2009
> *T :* +1 866 276-5382 (toll free)
> *F :* +1 514 904-0611
>
> 740 Notre Dame St. West, Suite 1575
> Montreal, Quebec, Canada H3C 3X6
> imetrik.com <http://www.imetrik.com/>
>
> On Oct 1, 2015, at 2:49 AM, Stian Thorgersen <sthorger at redhat.com> wrote:
>
> Sorry, I meant does it include the "roles" field?
>
> On 30 September 2015 at 16:24, Remi Cartier <remi.cartier at imetrik.com>
> wrote:
>
>> The JSON response (string) does NOT contain any roles.
>>
>> ------------------------------
>> *From:* Stian Thorgersen [sthorger at redhat.com]
>> *Sent:* Wednesday, September 30, 2015 7:39 AM
>> *To:* Remi Cartier
>> *Cc:* Marek Posolda; keycloak-dev at lists.jboss.org
>>
>> *Subject:* Re: [keycloak-dev] Admin REST - User Roles
>>
>> Does the response actually contain the roles though? You're parsing to UserRepresentation
>> then printing it out afterwards.
>>
>> On 30 September 2015 at 13:24, Remi Cartier <remi.cartier at imetrik.com>
>> wrote:
>>
>>> Marek,
>>>
>>> I see, thank you for your reply.
>>>
>>> Wouldn't it be less error/question prone if the endpoint returning all
>>> the users wouldn't show the *roles attributes ?
>>> Because they will always be null if I understood correctly.
>>>
>>> Regards.
>>>
>>> Rémi.
>>>
>>> ------------------------------
>>> *From:* Marek Posolda [mposolda at redhat.com]
>>> *Sent:* Wednesday, September 30, 2015 6:21 AM
>>> *To:* Remi Cartier; keycloak-dev at lists.jboss.org
>>> *Subject:* Re: [keycloak-dev] Admin REST - User Roles
>>>
>>> Hi,
>>>
>>> to retrieve realm role mappings of user, you need to use the endpoint
>>> like http://localhost:8080/auth/admin/realms/demo/users/{userid}/role-mappings/realm
>>> . See the docs for details:
>>> http://keycloak.github.io/docs/rest-api/overview-index.html
>>>
>>> Marek
>>>
>>> On 29/09/15 19:06, Remi Cartier wrote:
>>>
>>> Hi guys,
>>>
>>> first of all, thank you for that great piece of software, it’s amazing !
>>>
>>> Now, down to business.
>>>
>>> When I do :
>>>
>>> keycloak = Keycloak.getInstance(getKeycloakServerURL(),
>>> getKeycloakRealm(), getKeycloakRealmAdminUsername(),
>>> getKeycloakRealmAdminPassword(), getKeycloakClientId());
>>> for (UserRepresentation userRepresentation :
>>> keycloak.realm(getKeycloakRealm()).users().search(null, 0,
>>> Integer.MAX_VALUE)) {
>>> log.info(ToStringBuilder.reflectionToString(userRepresentation,
>>> ToStringStyle.JSON_STYLE));
>>> }
>>>
>>> The information I get does not contain any roles, all the roles related
>>> fields are ‘null’. -
>>>
>>> {"self":null,"id":"0556717e-ffb9-4c2d-b85b-533d9396f243","createdTimestamp":1443542144845,"username":"admin","enabled":true,"totp":false,"emailVerified":true,"firstName":"first
>>> name","lastName":"last
>>> name","email":null,"federationLink":null,"serviceAccountClientId":null,"attributes":{key1=[value1]},"credentials":null,"requiredActions":[],"federatedIdentities":null,"realmRoles":null,"clientRoles":null,"clientConsents":null,"applicationRoles":null,"socialLinks":null}
>>> However in the admin interface I have setup roles at each layer : realm,
>>> client
>>>
>>> The user I am using to do the queries has all the *realm* roles
>>> associated.
>>>
>>> is there anything else I need to do ?
>>>
>>> thank you for your help !
>>>
>>> ------------------------------
>>>
>>>
>>> REMI CARTIER
>>> B.O.S.S. (Business & Operation Support Systems) P.O (Product Owner)
>>>
>>> *IMETRIK GLOBAL INC.*
>>> *T :* +1 514 448-6407 x2009
>>> *T :* +1 866 276-5382 (toll free)
>>> *F :* +1 514 904-0611
>>>
>>> 740 Notre Dame St. West, Suite 1575
>>> Montreal, Quebec, Canada H3C 3X6
>>> imetrik.com <http://www.imetrik.com/>
>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-dev mailing listkeycloak-dev at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151001/7b717f5e/attachment-0001.html
More information about the keycloak-dev
mailing list