[keycloak-dev] Admin REST - User Roles

Stian Thorgersen sthorger at redhat.com
Thu Oct 1 10:37:51 EDT 2015


Just tried it and the returned json for a user is:


 {"id":"354094d6-8b32-4c32-b1ae-ccd82c5fdca3","createdTimestamp":1443710165680,"username":"admin","enabled":true,"totp":false,"emailVerified":false,"attributes":{"locale":["en"]},"requiredActions":[]}

Which doesn't include the roles field. So this is shown because the way you
are printing the user, not because it's included on the wire.

On 1 October 2015 at 16:34, Stian Thorgersen <sthorger at redhat.com> wrote:

> Is that the json sent on the wire, or is it after you've marshalled it to
> UserRepresentation and then printed it back again?
>
> On 1 October 2015 at 15:34, Remi Cartier <remi.cartier at imetrik.com> wrote:
>
>> yes,
>>
>> I can see :
>>
>> [
>>     {
>>         "applicationRoles": null,
>>         "attributes": {
>>             "key1": [
>>                 "value1"
>>             ]
>>         },
>>         "clientConsents": null,
>>         "clientRoles": null,
>>         "createdTimestamp": 1443542144845,
>>         "credentials": null,
>>         "email": null,
>>         "emailVerified": true,
>>         "enabled": true,
>>         "federatedIdentities": null,
>>         "federationLink": null,
>>         "firstName": "first name",
>>         "id": "0556717e-ffb9-4c2d-b85b-533d9396f243",
>>         "lastName": "last name",
>>         "realmRoles": null,
>>         "requiredActions": [],
>>         "self": null,
>>         "serviceAccountClientId": null,
>>         "socialLinks": null,
>>         "totp": false,
>>         "username": "admin"
>>     }
>> ]
>>
>> when doing the query : GET /auth/admin/realms/imetrik/users?first=0&max=
>> 2147483647
>>
>> ------------------------------
>>
>>
>> REMI CARTIER
>> B.O.S.S. (Business & Operation Support Systems) P.O (Product Owner)
>>
>> *IMETRIK GLOBAL INC.*
>> *T :* +1 514 448-6407 x2009
>> *T :* +1 866 276-5382 (toll free)
>> *F :* +1 514 904-0611
>>
>> 740 Notre Dame St. West, Suite 1575
>> Montreal, Quebec, Canada H3C 3X6
>> imetrik.com <http://www.imetrik.com/>
>>
>> On Oct 1, 2015, at 2:49 AM, Stian Thorgersen <sthorger at redhat.com> wrote:
>>
>> Sorry, I meant does it include the "roles" field?
>>
>> On 30 September 2015 at 16:24, Remi Cartier <remi.cartier at imetrik.com>
>> wrote:
>>
>>> The JSON response (string) does NOT contain any roles.
>>>
>>> ------------------------------
>>> *From:* Stian Thorgersen [sthorger at redhat.com]
>>> *Sent:* Wednesday, September 30, 2015 7:39 AM
>>> *To:* Remi Cartier
>>> *Cc:* Marek Posolda; keycloak-dev at lists.jboss.org
>>>
>>> *Subject:* Re: [keycloak-dev] Admin REST - User Roles
>>>
>>> Does the response actually contain the roles though? You're parsing to UserRepresentation
>>> then printing it out afterwards.
>>>
>>> On 30 September 2015 at 13:24, Remi Cartier <remi.cartier at imetrik.com>
>>> wrote:
>>>
>>>> Marek,
>>>>
>>>> I see, thank you for your reply.
>>>>
>>>> Wouldn't it be less error/question prone if the endpoint returning all
>>>> the users wouldn't show the *roles attributes ?
>>>> Because they will always be null if I understood correctly.
>>>>
>>>> Regards.
>>>>
>>>> Rémi.
>>>>
>>>> ------------------------------
>>>> *From:* Marek Posolda [mposolda at redhat.com]
>>>> *Sent:* Wednesday, September 30, 2015 6:21 AM
>>>> *To:* Remi Cartier; keycloak-dev at lists.jboss.org
>>>> *Subject:* Re: [keycloak-dev] Admin REST - User Roles
>>>>
>>>> Hi,
>>>>
>>>> to retrieve realm role mappings of user, you need to use the endpoint
>>>> like http://localhost:8080/auth/admin/realms/demo/users/{userid}/role-mappings/realm
>>>> . See the docs for details:
>>>> http://keycloak.github.io/docs/rest-api/overview-index.html
>>>>
>>>> Marek
>>>>
>>>> On 29/09/15 19:06, Remi Cartier wrote:
>>>>
>>>> Hi guys,
>>>>
>>>> first of all, thank you for that great piece of software, it’s amazing !
>>>>
>>>> Now, down to business.
>>>>
>>>> When I do :
>>>>
>>>>         keycloak = Keycloak.getInstance(getKeycloakServerURL(),
>>>> getKeycloakRealm(), getKeycloakRealmAdminUsername(),
>>>> getKeycloakRealmAdminPassword(), getKeycloakClientId());
>>>>         for (UserRepresentation userRepresentation :
>>>> keycloak.realm(getKeycloakRealm()).users().search(null, 0,
>>>> Integer.MAX_VALUE)) {
>>>>             log.info(ToStringBuilder.reflectionToString(userRepresentation,
>>>> ToStringStyle.JSON_STYLE));
>>>>         }
>>>>
>>>> The information I get does not contain any roles, all the roles related
>>>> fields are ‘null’. -
>>>>
>>>> {"self":null,"id":"0556717e-ffb9-4c2d-b85b-533d9396f243","createdTimestamp":1443542144845,"username":"admin","enabled":true,"totp":false,"emailVerified":true,"firstName":"first
>>>> name","lastName":"last
>>>> name","email":null,"federationLink":null,"serviceAccountClientId":null,"attributes":{key1=[value1]},"credentials":null,"requiredActions":[],"federatedIdentities":null,"realmRoles":null,"clientRoles":null,"clientConsents":null,"applicationRoles":null,"socialLinks":null}
>>>> However in the admin interface I have setup roles at each layer :
>>>> realm, client
>>>>
>>>> The user I am using to do the queries has all the *realm* roles
>>>> associated.
>>>>
>>>> is there anything else I need to do ?
>>>>
>>>> thank you for your help !
>>>>
>>>> ------------------------------
>>>>
>>>>
>>>> REMI CARTIER
>>>> B.O.S.S. (Business & Operation Support Systems) P.O (Product Owner)
>>>>
>>>> *IMETRIK GLOBAL INC.*
>>>> *T :* +1 514 448-6407 x2009
>>>> *T :* +1 866 276-5382 (toll free)
>>>> *F :* +1 514 904-0611
>>>>
>>>> 740 Notre Dame St. West, Suite 1575
>>>> Montreal, Quebec, Canada H3C 3X6
>>>> imetrik.com <http://www.imetrik.com/>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-dev mailing listkeycloak-dev at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>
>>>
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151001/fa25be50/attachment-0001.html 


More information about the keycloak-dev mailing list