[keycloak-user] REST API: Create User With Roles

Edem Morny emorny at gmail.com
Mon Aug 3 10:02:36 EDT 2015


Thanks very much. Will jump to it.


On Mon, 2015-08-03 at 10:00 -0400, Bill Burke wrote:

> Sorry, its this:
> 
> http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/users/%7Bid%7D/role-mappings/realm/index.html#POST
> 
> On 8/3/2015 9:51 AM, Bill Burke wrote:
> > http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/users/%7Bid%7D/role-mappings/clients/%7Bclient%7D/index.html
> >
> > On 8/3/2015 9:48 AM, Edem Morny wrote:
> >> Hi,
> >>
> >> Sorry Bill, I think I'm confusing matters here. The AdminClient I'm
> >> referring to is not the keycloak-admin-client.jar but rather a
> >> combination of insights from
> >> https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java
> >> and from the documentation in the user guide.
> >>
> >> That means I'm constructing the URLs myself to invoke the operation. I
> >> intend to move to the keycloak-admin-client in the future though.
> >>
> >> I can't find the corresponding REST url(s) to invoke to achieve the same
> >> results as you describe in your response below. I think that's what I need.
> >> Cheers.
> >>
> >>
> >> On Mon, 2015-08-03 at 09:13 -0400, Bill Burke wrote:
> >>> If you're just using the admin client interfaces its:
> >>>
> >>> realm("realm").users().get("user-id").roles().realmLevel().add(List<RoleRepresentation>
> >>> rolesToAdd)
> >>>
> >>> On 8/3/2015 9:07 AM, Edem Morny wrote:
> >>>> Hi Bill,
> >>>>
> >>>> The adminClient.createUser is my modification of the code situated in
> >>>> the AdminClient implementation of the "admin-access-app" in the
> >>> examples.
> >>>>
> >>>> Could you point me in the direction of the API calls to do the addition
> >>>> of the roles? I had a feeling it might be a subsequent step (like for
> >>>> setting the password, which I actually implemented), but I'm struggling
> >>>> to find any pointers as to how to do this particular one.
> >>>>
> >>>>
> >>>> On Mon, 2015-08-03 at 08:36 -0400, Bill Burke wrote:
> >>>>> Is adminClient.createUser(...) your own method? There is a different
> >>>>> REST API for adding roles.
> >>>>>
> >>>>> create the user
> >>>>> then add the roles
> >>>>>
> >>>>> On 8/3/2015 8:23 AM, Edem Morny wrote:
> >>>>>> Hi,
> >>>>>>
> >>>>>> We're currently using Keycloak 1.2.0.Final.
> >>>>>>
> >>>>>> We are migrating users from an existing application with it's own
> >>> user
> >>>>>> management implementation to Keycloak, and have been making extensive
> >>>>>> use of the Via the REST api to achieve this. I'm able to create a new
> >>>>>> user, set their temporary password and so on. However, I'm
> >>> finding that
> >>>>>> all our attempts to add the roles to the created user seem not to be
> >>>>>> taking effect when we observe the newly created user on the keycloak
> >>>>>> side. Here's the code we are trying to use to do this
> >>>>>>
> >>>>>> UserRepresentation user = new UserRepresentation();
> >>>>>> user.setUsername(username);
> >>>>>> user.setFirstName(employee.getFirstName());
> >>>>>> user.setLastName(employee.getLastName());
> >>>>>> user.setEmail(employee.getEmail());
> >>>>>> user.setEnabled(true);
> >>>>>> user.setEmailVerified(false);
> >>>>>> List<String> requiredActions = new ArrayList<>();
> >>>>>> requiredActions.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
> >>>>>> *List<String> userRoles = getMigrateRoles(employee);*
> >>>>>> * user.setRealmRoles(userRoles);*
> >>>>>> user.setRequiredActions(requiredActions);
> >>>>>> adminClient.createUser(settings.getKeycloackUrl(),
> >>>>> settings.getRealm(), access, user);
> >>>>>>
> >>>>>> It seams setting the list of roles to the Realm Roles isn't enough to
> >>>>>> the user with these roles. The user gets created alright, but doesn't
> >>>>>> come with any roles. Is there any other means by which we can specify
> >>>>>> the user roles during the process of account creation?
> >>>>>>
> >>>>>> The migration will be very tedious if we ask the administrators to
> >>>>>> manually do the assignment of the user to their roles after our
> >>> current
> >>>>>> implementation of being able to automatically migrate the user
> >>> accounts
> >>>>>> themselves to keycloak.
> >>>>>>
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> keycloak-user mailing list
> >>>>>> keycloak-user at lists.jboss.org
> >>> <mailto:keycloak-user at lists.jboss.org>
> >>> <mailto:keycloak-user at lists.jboss.org>
> >>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>>>
> >>>>>
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> keycloak-user mailing list
> >>>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
> >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>
> >>>
> >
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150803/45b2a3ca/attachment-0001.html 


More information about the keycloak-user mailing list