[keycloak-user] Admin REST New User Client Roles
Thomas Darimont
thomas.darimont at googlemail.com
Fri Mar 10 16:18:26 EST 2017
Hello,
to assign client or realm roles you need to use dedicated sub resources of
the user resource.
The following example creates a new user and assigns a realm role and
client role via the Keycloak Admin Client API:
package de.tdlabs.keycloak.client;

import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

import javax.ws.rs.core.Response;
import java.util.Arrays;
import java.util.Collections;

/**
 * Created by tom on 09.08.16.
 */
public class KeycloakClientExample {

    public static void main(String[] args) {

        String serverUrl = "http://localhost:8081/auth";
        String realm = "acme";
        String clientId = "idm-client";
        // Secret of the confidential client used for this demo
        String clientSecret = "288876a6-c469-4a58-bdbb-5aefa8fd82ab";

        // Authenticate with the client credentials grant (calls run as the client's service account)
        Keycloak keycloak = KeycloakBuilder.builder() //
                .serverUrl(serverUrl)
                .realm(realm)
                .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
                .clientId(clientId)
                .clientSecret(clientSecret)
                .build();

        // Define the user; roles are not part of this representation
        UserRepresentation user = new UserRepresentation();
        user.setEnabled(true);
        user.setUsername("tester1");
        user.setEmail("tom+tester1@localhost");
        user.setAttributes(Collections.singletonMap("origin", Arrays.asList("demo")));

        // Create the user
        RealmResource realmResource = keycloak.realm(realm);
        UsersResource userRessource = realmResource.users();
        Response response = userRessource.create(user);

        // Without a 201 there is no Location header and no user to assign roles to
        if (response.getStatus() != 201) {
            throw new IllegalStateException("User creation failed: HTTP " + response.getStatus());
        }
        System.out.println(response.getLocation());

        // The id of the new user is the last path segment of the Location header
        String userId = response.getLocation().getPath().replaceAll(".*/([^/]+)$", "$1");
        response.close();

        // Assign the realm role "tester" via the realm-level role sub resource
        RoleRepresentation testerRealmRole = realmResource.roles().get("tester").toRepresentation();
        userRessource.get(userId).roles().realmLevel().add(Arrays.asList(testerRealmRole));

        // Look up the client "app1"; the role sub resource is addressed by its internal id
        ClientRepresentation app1Client = realmResource.clients().findByClientId("app1").get(0);

        // Assign the client role "user" of app1 via the client-level role sub resource
        RoleRepresentation userClientRole =
                realmResource.clients().get(app1Client.getId()).roles().get("user").toRepresentation();
        userRessource.get(userId).roles().clientLevel(app1Client.getId()).add(Arrays.asList(userClientRole));

        // Set a non-temporary password for the user
        CredentialRepresentation passwordCred = new CredentialRepresentation();
        passwordCred.setTemporary(false);
        passwordCred.setType(CredentialRepresentation.PASSWORD);
        passwordCred.setValue("test");
        userRessource.get(userId).resetPassword(passwordCred);
    }
}

Cheers,
Thomas
2017-03-10 16:07 GMT+01:00 Sven Thoms <sven.thoms at gmail.com>:
> I am having trouble adding a default client role when posting a new user to
> the ADMIN REST interface.
> According to one data migration code, it would work:
>
> https://github.com/keycloak/keycloak/blob/1aeec2a83c6677cd7dcfccb6ba2c39d10143b920/examples/authz/photoz/photoz-realm.json
>
>
> curl -v -X POST \
> -H "Content-Type:application/json" \
> -H 'Authorization: bearer xxxx' \
> -d '{
> "username": "my_user",
> "enabled": true,
> "credentials": [
> {
> "value" : "my_password",
> "temporary" : false
> } ],
> "realmRoles": [
> "offline_access", "uma_authorization"
> ],
> "clientRoles": {
> "realm-management": [
> "view-clients"
> ]
> }
> }' \
> https://mydomain/auth/admin/realms/myrealm/users
>
>
> The new user is created, but role mappings are not assigned. Is this
> another case of Admin REST API and AuthZ not working together?
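
The same sequence at the REST level, for readers calling the Admin REST API with curl as in the quoted question: the user is created first, then roles are posted to the user's role-mappings sub-resources. This is an added example, not part of either message and not Keycloak project code. The KC_* environment variables, the "run" argument and the use of jq are assumptions; realm, role and client names mirror the Java example above.

```shell
#!/bin/sh
# Added example. KC_* variables, the "run" argument and jq are assumptions;
# realm, role and client names mirror the Java example in this message.
KC_URL="${KC_URL:-http://localhost:8081/auth}"
KC_REALM="${KC_REALM:-acme}"

admin_url() { printf '%s/admin/realms/%s/%s' "$KC_URL" "$KC_REALM" "$1"; }

# Role mappings are sub-resources of the user: one for realm roles, one per client.
realm_mapping_url()  { admin_url "users/$1/role-mappings/realm"; }
client_mapping_url() { admin_url "users/$1/role-mappings/clients/$2"; }

# The new user's id is the last path segment of the Location header (CR stripped).
user_id_from_location() {
  loc=$(printf '%s' "$1" | tr -d '\r')
  loc=${loc%/}
  printf '%s' "${loc##*/}"
}

# kc METHOD URL [JSON-BODY]: authenticated Admin REST call, fails on HTTP >= 400.
kc() {
  curl -sS --fail -X "$1" -H "Authorization: Bearer $TOKEN" \
       -H 'Content-Type: application/json' ${3:+-d "$3"} "$2"
}

main() {
  # The client secret is read from the environment, not stored in the script.
  TOKEN=$(curl -sS --fail -d grant_type=client_credentials -d "client_id=$KC_CLIENT_ID" \
      --data-urlencode "client_secret=$KC_CLIENT_SECRET" \
      "$KC_URL/realms/$KC_REALM/protocol/openid-connect/token" | jq -r .access_token)

  # 1. Create the user without any role fields and read the Location header.
  loc=$(curl -sS --fail -D - -o /dev/null -X POST -H "Authorization: Bearer $TOKEN" \
      -H 'Content-Type: application/json' -d '{"username":"tester1","enabled":true}' \
      "$(admin_url users)" | awk 'tolower($1) == "location:" { print $2 }')
  uid=$(user_id_from_location "$loc")
  [ -n "$uid" ] || { echo "user was not created" >&2; return 1; }

  # 2. Realm role: fetch its representation, then POST it as a one-element array.
  role=$(kc GET "$(admin_url roles/tester)") || return 1
  kc POST "$(realm_mapping_url "$uid")" "[$role]" || return 1

  # 3. Client role: the sub-resource is keyed by the client's internal id, not its clientId.
  cid=$(kc GET "$(admin_url 'clients?clientId=app1')" | jq -r '.[0].id')
  crole=$(kc GET "$(admin_url "clients/$cid/roles/user")") || return 1
  kc POST "$(client_mapping_url "$uid" "$cid")" "[$crole]"
}

if [ "${1:-}" = run ]; then main; fi
```

Invoke the script with the single argument run, with KC_CLIENT_ID and KC_CLIENT_SECRET exported, to execute the calls; without it only the helper functions are defined.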