[keycloak-dev] Admin REST - User Roles
Remi Cartier
remi.cartier at imetrik.com
Fri Oct 2 08:20:30 EDT 2015
Amazing, you guys are very responsive !
Thanks & Cheers !
________________________________
REMI CARTIER
B.O.S.S. (Business & Operation Support Systems) P.O (Product Owner)
IMETRIK GLOBAL INC.
T : +1 514 448-6407 x2009
T : +1 866 276-5382 (toll free)
F : +1 514 904-0611
740 Notre Dame St. West, Suite 1575
Montreal, Quebec, Canada H3C 3X6
imetrik.com<http://www.imetrik.com/>
On Oct 2, 2015, at 2:31 AM, Stian Thorgersen <sthorger at redhat.com> wrote:
Looks like there's a difference if you return a specific user or search for users. Returning a user doesn't include null values, while search does. Created https://issues.jboss.org/browse/KEYCLOAK-1896
On 1 October 2015 at 16:55, Remi Cartier <remi.cartier at imetrik.com> wrote:
Stian,
that’s actually what I am receiving over the wire. Here is the full log of the communication :
16:18:58.472 [main] DEBUG org.apache.http.headers - >> GET /auth/admin/realms/imetrik/users?first=0&max=2147483647 HTTP/1.1
16:18:58.472 [main] DEBUG org.apache.http.headers - >> Accept: application/json
16:18:58.472 [main] DEBUG org.apache.http.headers - >> Accept-Encoding: gzip, deflate
16:18:58.472 [main] DEBUG org.apache.http.headers - >> Authorization: Bearer [token omitted]
16:18:58.472 [main] DEBUG org.apache.http.headers - >> Host: m4ib-idm:8080
16:18:58.472 [main] DEBUG org.apache.http.headers - >> Connection: Keep-Alive
16:18:58.478 [main] DEBUG org.apache.http.wire - << "HTTP/1.1 200 OK[\r][\n]"
16:18:58.479 [main] DEBUG org.apache.http.wire - << "Connection: keep-alive[\r][\n]"
16:18:58.479 [main] DEBUG org.apache.http.wire - << "Cache-Control: no-cache[\r][\n]"
16:18:58.479 [main] DEBUG org.apache.http.wire - << "X-Powered-By: Undertow/1[\r][\n]"
16:18:58.479 [main] DEBUG org.apache.http.wire - << "Server: WildFly/9[\r][\n]"
16:18:58.479 [main] DEBUG org.apache.http.wire - << "Transfer-Encoding: chunked[\r][\n]"
16:18:58.479 [main] DEBUG org.apache.http.wire - << "Content-Type: application/json[\r][\n]"
16:18:58.479 [main] DEBUG org.apache.http.wire - << "Date: Tue, 29 Sep 2015 20:18:31 GMT[\r][\n]"
16:18:58.479 [main] DEBUG org.apache.http.wire - << "[\r][\n]"
16:18:58.479 [main] DEBUG o.a.h.i.conn.DefaultClientConnection - Receiving response: HTTP/1.1 200 OK
16:18:58.479 [main] DEBUG org.apache.http.headers - << HTTP/1.1 200 OK
16:18:58.479 [main] DEBUG org.apache.http.headers - << Connection: keep-alive
16:18:58.479 [main] DEBUG org.apache.http.headers - << Cache-Control: no-cache
16:18:58.479 [main] DEBUG org.apache.http.headers - << X-Powered-By: Undertow/1
16:18:58.479 [main] DEBUG org.apache.http.headers - << Server: WildFly/9
16:18:58.479 [main] DEBUG org.apache.http.headers - << Transfer-Encoding: chunked
16:18:58.479 [main] DEBUG org.apache.http.headers - << Content-Type: application/json
16:18:58.479 [main] DEBUG org.apache.http.headers - << Date: Tue, 29 Sep 2015 20:18:31 GMT
16:18:58.479 [main] DEBUG o.a.h.impl.client.DefaultHttpClient - Connection can be kept alive indefinitely
16:18:58.480 [main] DEBUG org.apache.http.wire - << "01db[\r][\n]"
16:18:58.480 [main] DEBUG org.apache.http.wire - << "[{"self":null,"id":"0556717e-ffb9-4c2d-b85b-533d9396f243","createdTimestamp":1443542144845,"username":"admin","enabled":true,"totp":false,"emailVerified":true,"firstName":"first name","lastName":"last name","email":null,"federationLink":null,"serviceAccountClientId":null,"attributes":{"key1":["value1"]},"credentials":null,"requiredActions":[],"federatedIdentities":null,"realmRoles":null,"clientRoles":null,"clientConsents":null,"applicationRoles":null,"socialLinks":null}]"
16:18:58.552 [main] DEBUG org.apache.http.wire - << "[\r][\n]"
16:18:58.552 [main] DEBUG org.apache.http.wire - << "0[\r][\n]"
16:18:58.552 [main] DEBUG org.apache.http.wire - << "[\r][\n]"
16:18:58.552 [main] DEBUG o.a.h.i.c.BasicClientConnectionManager - Releasing connection org.apache.http.impl.conn.ManagedClientConnectionImpl at 483f6d77
16:18:58.552 [main] DEBUG o.a.h.i.c.BasicClientConnectionManager - Connection can be kept alive indefinitely
Regards.
On Oct 1, 2015, at 10:37 AM, Stian Thorgersen <sthorger at redhat.com> wrote:
Just tried it and the returned json for a user is:
{"id":"354094d6-8b32-4c32-b1ae-ccd82c5fdca3","createdTimestamp":1443710165680,"username":"admin","enabled":true,"totp":false,"emailVerified":false,"attributes":{"locale":["en"]},"requiredActions":[]}
Which doesn't include the roles field. So this is shown because the way you are printing the user, not because it's included on the wire.
On 1 October 2015 at 16:34, Stian Thorgersen <sthorger at redhat.com> wrote:
Is that the json sent on the wire, or is it after you've marshalled it to UserRepresentation and then printed it back again?
On 1 October 2015 at 15:34, Remi Cartier <remi.cartier at imetrik.com> wrote:
yes,
I can see :
[
  {
    "applicationRoles": null,
    "attributes": {
      "key1": [
        "value1"
      ]
    },
    "clientConsents": null,
    "clientRoles": null,
    "createdTimestamp": 1443542144845,
    "credentials": null,
    "email": null,
    "emailVerified": true,
    "enabled": true,
    "federatedIdentities": null,
    "federationLink": null,
    "firstName": "first name",
    "id": "0556717e-ffb9-4c2d-b85b-533d9396f243",
    "lastName": "last name",
    "realmRoles": null,
    "requiredActions": [],
    "self": null,
    "serviceAccountClientId": null,
    "socialLinks": null,
    "totp": false,
    "username": "admin"
  }
]
when doing the query : GET /auth/admin/realms/imetrik/users?first=0&max=2147483647
On Oct 1, 2015, at 2:49 AM, Stian Thorgersen <sthorger at redhat.com> wrote:
Sorry, I meant does it include the "roles" field?
On 30 September 2015 at 16:24, Remi Cartier <remi.cartier at imetrik.com> wrote:
The JSON response (string) does NOT contain any roles.
________________________________
From: Stian Thorgersen [sthorger at redhat.com]
Sent: Wednesday, September 30, 2015 7:39 AM
To: Remi Cartier
Cc: Marek Posolda; keycloak-dev at lists.jboss.org
Subject: Re: [keycloak-dev] Admin REST - User Roles
Does the response actually contain the roles though? You're parsing to UserRepresentation then printing it out afterwards.
On 30 September 2015 at 13:24, Remi Cartier <remi.cartier at imetrik.com> wrote:
Marek,
I see, thank you for your reply.
Wouldn't it be less error/question prone if the endpoint returning all the users wouldn't show the *roles attributes ?
Because they will always be null if I understood correctly.
Regards.
Rémi.
________________________________
From: Marek Posolda [mposolda at redhat.com]
Sent: Wednesday, September 30, 2015 6:21 AM
To: Remi Cartier; keycloak-dev at lists.jboss.org
Subject: Re: [keycloak-dev] Admin REST - User Roles
Hi,
to retrieve realm role mappings of user, you need to use the endpoint like http://localhost:8080/auth/admin/realms/demo/users/{userid}/role-mappings/realm . See the docs for details: http://keycloak.github.io/docs/rest-api/overview-index.html
Marek
On 29/09/15 19:06, Remi Cartier wrote:
Hi guys,
first of all, thank you for that great piece of software, it’s amazing !
Now, down to business.
When I do :
keycloak = Keycloak.getInstance(getKeycloakServerURL(), getKeycloakRealm(), getKeycloakRealmAdminUsername(), getKeycloakRealmAdminPassword(), getKeycloakClientId());
for (UserRepresentation userRepresentation : keycloak.realm(getKeycloakRealm()).users().search(null, 0, Integer.MAX_VALUE)) {
    log.info(ToStringBuilder.reflectionToString(userRepresentation, ToStringStyle.JSON_STYLE));
}
The information I get does not contain any roles, all the roles related fields are ‘null’. -
{"self":null,"id":"0556717e-ffb9-4c2d-b85b-533d9396f243","createdTimestamp":1443542144845,"username":"admin","enabled":true,"totp":false,"emailVerified":true,"firstName":"first name","lastName":"last name","email":null,"federationLink":null,"serviceAccountClientId":null,"attributes":{key1=[value1]},"credentials":null,"requiredActions":[],"federatedIdentities":null,"realmRoles":null,"clientRoles":null,"clientConsents":null,"applicationRoles":null,"socialLinks":null}
However in the admin interface I have setup roles at each layer : realm, client
The user I am using to do the queries has all the *realm* roles associated.
is there anything else I need to do ?
thank you for your help !
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
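Added example, not part of the original thread and not Keycloak's own code: an access review built on the user search endpoint has to treat null role fields as "not populated" rather than "no roles", and fetch each user's realm role mappings from the role-mappings/realm endpoint named in the thread. The get_json transport, the canned responses and the role names are constructed for illustration, and the role-mappings body is assumed to be a JSON array of role objects with a "name" field.

```python
from urllib.parse import quote

ROLE_FIELDS = ("realmRoles", "clientRoles", "applicationRoles")


def unpopulated_role_fields(user):
    """Role fields that are null or absent in a user record: unknown, not empty."""
    return [f for f in ROLE_FIELDS if user.get(f) is None]


def realm_roles_by_user(get_json, page_size=100):
    """Map username -> sorted realm role names, one role-mappings call per user.

    get_json(path) returns the parsed JSON for a path below
    /auth/admin/realms/{realm}. It is a hypothetical injected transport, so the
    logic can be exercised offline; in real use it would send the bearer token.
    """
    roles, first = {}, 0
    while True:
        page = get_json(f"/users?first={first}&max={page_size}")
        for user in page:
            # The search result's realmRoles is never filled in, so ask the
            # per-user endpoint instead of trusting the null.
            user_id = quote(user["id"], safe="")
            mappings = get_json(f"/users/{user_id}/role-mappings/realm")
            roles[user["username"]] = sorted(r["name"] for r in mappings)
        if len(page) < page_size:
            return roles
        first += page_size


# Constructed sample data: the user id is the one shown in the thread,
# the role names are made up.
USER_ID = "0556717e-ffb9-4c2d-b85b-533d9396f243"
SEARCH_USER = {"id": USER_ID, "username": "admin", "realmRoles": None,
               "clientRoles": None, "applicationRoles": None}
CANNED = {
    "/users?first=0&max=100": [SEARCH_USER],
    f"/users/{USER_ID}/role-mappings/realm": [{"name": "offline_access"},
                                              {"name": "admin"}],
}


def canned_get_json(path):
    """Offline stand-in for an authenticated GET against the admin REST API."""
    return CANNED[path]


if __name__ == "__main__":
    print(unpopulated_role_fields(SEARCH_USER))
    print(realm_roles_by_user(canned_get_json))
```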