[keycloak-user] REST API: Create User With Roles
Edem Morny
emorny at gmail.com
Mon Aug 3 09:48:56 EDT 2015
Hi,
Sorry Bill, I think I'm confusing matters here. The AdminClient I'm
referring to is not the keycloak-admin-client.jar but rather a
combination of insights from
https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java and from the documentation in the user guide.
That means I'm constructing the URLs myself to invoke the operation. I
intend to move to the keycloak-admin-client in the future though.
I can't find the corresponding REST url(s) to invoke to achieve the same
results as you describe in your response below. I think that's what I
need.
Cheers.
On Mon, 2015-08-03 at 09:13 -0400, Bill Burke wrote:
> If you're just using the admin client interfaces its:
>
> realm("realm").users().get("user-id").roles().realmLevel().add(List<RoleRepresentation>
> rolesToAdd)
>
> On 8/3/2015 9:07 AM, Edem Morny wrote:
> > Hi Bill,
> >
> > The adminClient.createUser is my modification of the code situated in
> > the AdminClient implementation of the "admin-access-app" in the examples.
> >
> > Could you point me in the direction of the API calls to do the addition
> > of the roles? I had a feeling it might be a subsequent step (like for
> > setting the password, which I actually implemented), but I'm struggling
> > to find any pointers as to how to do this particular one.
> >
> >
> > On Mon, 2015-08-03 at 08:36 -0400, Bill Burke wrote:
> >> Is adminClient.createUser(...) your own method? There is a different
> >> REST API for adding roles.
> >>
> >> create the user
> >> then add the roles
> >>
> >> On 8/3/2015 8:23 AM, Edem Morny wrote:
> >> > Hi,
> >> >
> >> > We're currently using Keycloak 1.2.0.Final.
> >> >
> >> > We are migrating users from an existing application with it's own user
> >> > management implementation to Keycloak, and have been making extensive
> >> > use of the Via the REST api to achieve this. I'm able to create a new
> >> > user, set their temporary password and so on. However, I'm finding that
> >> > all our attempts to add the roles to the created user seem not to be
> >> > taking effect when we observe the newly created user on the keycloak
> >> > side. Here's the code we are trying to use to do this
> >> >
> >> > UserRepresentation user = new UserRepresentation();
> >> > user.setUsername(username);
> >> > user.setFirstName(employee.getFirstName());
> >> > user.setLastName(employee.getLastName());
> >> > user.setEmail(employee.getEmail());
> >> > user.setEnabled(true);
> >> > user.setEmailVerified(false);
> >> > List<String> requiredActions = new ArrayList<>();
> >> > requiredActions.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
> >> > *List<String> userRoles = getMigrateRoles(employee);*
> >> > * user.setRealmRoles(userRoles);*
> >> > user.setRequiredActions(requiredActions);
> >> > adminClient.createUser(settings.getKeycloackUrl(),
> >> settings.getRealm(), access, user);
> >> >
> >> > It seams setting the list of roles to the Realm Roles isn't enough to
> >> > the user with these roles. The user gets created alright, but doesn't
> >> > come with any roles. Is there any other means by which we can specify
> >> > the user roles during the process of account creation?
> >> >
> >> > The migration will be very tedious if we ask the administrators to
> >> > manually do the assignment of the user to their roles after our current
> >> > implementation of being able to automatically migrate the user accounts
> >> > themselves to keycloak.
> >> >
> >> >
> >> > _______________________________________________
> >> > keycloak-user mailing list
> >> > keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
> >> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >> >
> >>
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150803/f64e7ed6/attachment-0001.html
More information about the keycloak-user
mailing list