[keycloak-user] get users from postman

Geoffrey Cleaves geoff at opticks.io
Fri Dec 7 17:20:35 EST 2018


Ciao Luca,

I don't have a clear answer for you. But I have had some problems in the
past creating roles using a similar JSON representation to the one you use.
I found that although Keycloak did not complain, it did not actually assign
the roles as I had hoped. Could this be happening to you? Instead of
importing this JSON, I recommend you use the Admin Console to manually
create the users and assign them the roles. Then try again with Postman.

When I use Postman to call the users endpoint with a proper token, I do get
a list of all my user successfully. It should work.

Good luck!

On Fri, 7 Dec 2018 at 18:49, Luca Stancapiano <luca.stancapiano at vige.it>
wrote:

> Thanks Geoffrey, if you agree, let me use the query-users role as my
> example only needs to query users. I created new groups configurated with
> the old roles more query-users role. Here the new configuration:
>
> {
>         "realm": "school-domain",
>         "enabled": true,
>         "accessTokenLifespan": 60,
>         "accessCodeLifespan": 60,
>         "accessCodeLifespanUserAction": 300,
>         "ssoSessionIdleTimeout": 600,
>         "ssoSessionMaxLifespan": 36000,
>         "sslRequired": "external",
>         "registrationAllowed": true,
>         "resetPasswordAllowed": true,
>         "editUsernameAllowed": true,
>         "loginWithEmailAllowed": false,
>         "duplicateEmailsAllowed": true,
>         "privateKey":  .......,
>         "publicKey":   .......,
>         "requiredCredentials": [
>                 "password"
>         ],
>         "users": [
>                 {
>                         "username": "root",
>                         "enabled": true,
>                         "email": "lsflashboss62 at gmail.com",
>                         "credentials": [
>                                 {
>                                         "type": "password",
>                                         "value": "gtn"
>                                 }
>                         ],
>                         "groups": [
>                                 "admin"
>                         ]
>                 },
>                 {
>                         "username": "hfgfghhgffhgfgh",
>                         "enabled": true,
>                         "email": "luca.stancapiano at vige.it",
>                         "firstName": "Luca",
>                         "lastName": "Stancapiano",
>                         "credentials": [
>                                 {
>                                         "type": "password",
>                                         "value": "gtn"
>                                 }
>                         ],
>                         "groups": [
>                                 "pupil"
>                         ]
>                 }
>         ],
>         "groups": [
>                 {
>                         "name": "admin",
>                         "path": "/admin",
>                         "attributes": {
>
>                         },
>                         "realmRoles": [
>                                 "admin"
>                         ],
>                         "clientRoles": {
>                                 "realm-management": [
>                                         "query-users"
>                                 ],
>                                 "account": [
>                                         "manage-account"
>                                 ]
>                         },
>                         "subGroups": []
>                 },
>                 {
>                         "name": "pupil",
>                         "path": "/pupil",
>                         "attributes": {
>
>                         },
>                         "realmRoles": [
>                                 "pupil"
>                         ],
>                         "clientRoles": {
>                                 "realm-management": [
>                                         "query-users"
>                                 ],
>                                 "account": [
>                                         "manage-account"
>                                 ]
>                         },
>                         "subGroups": []
>                 }
>         ]
> }
>
> Now, when I connect through postman to the url
> http://localhost:8180/auth/admin/realms/school-domain/users using the
> 'root' user imported through the configuration, I receive an empty list,
> when I espect the two users ('root' and 'hfgfghhgffhgfgh') imported through
> the configuration. Where I wrong now?
>
> > Il 7 dicembre 2018 alle 10.55 Geoffrey Cleaves <geoff at opticks.io> ha
> scritto:
> >
> >
> > Be sure that the token you are using to list the users has a manage-realm
> > role.
> >
> > On Thu, 6 Dec 2018 at 16:09, Luca Stancapiano <luca.stancapiano at vige.it>
> > wrote:
> >
> > > But changing the postman configuration from Oauth 2.0 to Bearer token I
> > > see the error is changed. Now I have a 403 Forbidden
> > >
> > > > Il 6 dicembre 2018 alle 15.08 Joao Paulo Ramos <jramos at redhat.com>
> ha
> > > scritto:
> > > >
> > > >
> > > > Hello Luca,
> > > >
> > > > In your webapp's Keycloak Client, try putting it as baerer only.
> > > > Also, in the the HTTP request that you make, be sure you are setting
> the
> > > > token in the header of the HTTP request, with the following
> parameter:
> > > >
> > > > {"Authorization" : "bearer " + $TOKEN}
> > > >
> > > > Thanks,
> > > >
> > > > JOÃO PAULO RAMOS
> > > >
> > > > Red Hat Brasil
> > > > <https://red.ht/sig>
> > > >
> > > >
> > > > On Thu, Dec 6, 2018 at 11:13 AM Luca Stancapiano <
> > > luca.stancapiano at vige.it>
> > > > wrote:
> > > >
> > > > > I'm trying to call via REST through POSTMAN the list of users
> through
> > > the
> > > > > get path:
> http://localhost:8180/auth/admin/realms/school-domain/users
> > > > >
> > > > > Here my keycloak configuration where I create 2 users, 4 roles, a
> > > 'school'
> > > > > client and a 'school-domain' realm:
> > > > >
> > > > > {
> > > > >         "realm": "school-domain",
> > > > >         "enabled": true,
> > > > >         "accessTokenLifespan": 60,
> > > > >         "accessCodeLifespan": 60,
> > > > >         "accessCodeLifespanUserAction": 300,
> > > > >         "ssoSessionIdleTimeout": 600,
> > > > >         "ssoSessionMaxLifespan": 36000,
> > > > >         "sslRequired": "external",
> > > > >         "registrationAllowed": true,
> > > > >         "resetPasswordAllowed": true,
> > > > >         "editUsernameAllowed": true,
> > > > >         "loginWithEmailAllowed": false,
> > > > >         "duplicateEmailsAllowed": true,
> > > > >         "privateKey":
> > > > >
> > >
> "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
> > > > >         "publicKey":
> > > > >
> > >
> "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
> > > > >         "requiredCredentials": [
> > > > >                 "password"
> > > > >         ],
> > > > >         "users": [
> > > > >                 {
> > > > >                         "username": "root",
> > > > >                         "enabled": true,
> > > > >                         "email": "lsflashboss62 at gmail.com",
> > > > >                         "credentials": [
> > > > >                                 {
> > > > >                                         "type": "password",
> > > > >                                         "value": "gtn"
> > > > >                                 }
> > > > >                         ],
> > > > >                         "realmRoles": [
> > > > >                                 "admin"
> > > > >                         ],
> > > > >                         "clientRoles": {
> > > > >                                 "account": [
> > > > >                                         "manage-account"
> > > > >                                 ]
> > > > >                         }
> > > > >                 },
> > > > >                 {
> > > > >                         "username": "HUHUJJJKJJKN",
> > > > >                         "enabled": true,
> > > > >                         "email": "luca.stancapiano at vige.it",
> > > > >                         "firstName": "Luca",
> > > > >                         "lastName": "Stancapiano",
> > > > >                         "credentials": [
> > > > >                                 {
> > > > >                                         "type": "password",
> > > > >                                         "value": "gtn"
> > > > >                                 }
> > > > >                         ],
> > > > >                         "realmRoles": [
> > > > >                                 "pupil"
> > > > >                         ],
> > > > >                         "clientRoles": {
> > > > >                                 "account": [
> > > > >                                         "manage-account"
> > > > >                                 ]
> > > > >                         }
> > > > >                 }
> > > > >         ],
> > > > >         "clients": [
> > > > >                 {
> > > > >                         "clientId": "school",
> > > > >                         "rootUrl": "http://localhost:8080/school",
> > > > >                         "enabled": true,
> > > > >                         "redirectUris": [
> > > > >                                 "http://localhost:8080/school/*"
> > > > >                         ],
> > > > >                         "webOrigins": [
> > > > >                                 "http://localhost:8080"
> > > > >                         ],
> > > > >                         "publicClient": false,
> > > > >                         "secret":
> > > "bce5816d-98c4-404f-a18d-bcc5cb005c79",
> > > > >                         "serviceAccountsEnabled": true,
> > > > >                         "authorizationServicesEnabled": true,
> > > > >                         "authorizationSettings": {
> > > > >                                 "allowRemoteResourceManagement":
> true,
> > > > >                                 "policyEnforcementMode":
> "ENFORCING",
> > > > >                                 "resources": [
> > > > >                                         {
> > > > >                                                 "name": "Default
> > > Resource",
> > > > >                                                 "type":
> > > > > "urn:school:resources:default",
> > > > >
>  "ownerManagedAccess":
> > > > > false,
> > > > >                                                 "attributes": {
> > > > >
> > > > >                                                 },
> > > > >                                                 "_id":
> > > > > "c338b2be-da73-471c-9bb0-77ad52e1f88f",
> > > > >                                                 "uris": [
> > > > >                                                         "/*"
> > > > >                                                 ]
> > > > >                                         }
> > > > >                                 ],
> > > > >                                 "policies": [
> > > > >                                         {
> > > > >                                                 "id":
> > > > > "edb01393-180e-4d95-afd3-92b3ac5a6d41",
> > > > >                                                 "name": "Default
> > > Policy",
> > > > >                                                 "description": "A
> > > policy
> > > > > that grants access only for users within this realm",
> > > > >                                                 "type": "js",
> > > > >                                                 "logic":
> "POSITIVE",
> > > > >                                                 "decisionStrategy":
> > > > > "AFFIRMATIVE",
> > > > >                                                 "config": {
> > > > >                                                         "code":
> "// by
> > > > > default, grants any permission associated with this
> > > > > policy\n$evaluation.grant();\n"
> > > > >                                                 }
> > > > >                                         },
> > > > >                                         {
> > > > >                                                 "id":
> > > > > "1f5dce97-54e3-4dcf-92bd-a2a59120286f",
> > > > >                                                 "name": "Default
> > > > > Permission",
> > > > >                                                 "description": "A
> > > > > permission that applies to the default resource type",
> > > > >                                                 "type": "resource",
> > > > >                                                 "logic":
> "POSITIVE",
> > > > >                                                 "decisionStrategy":
> > > > > "UNANIMOUS",
> > > > >                                                 "config": {
> > > > >
> > > > > "defaultResourceType": "urn:school:resources:default",
> > > > >
> > >  "applyPolicies":
> > > > > "[\"Default Policy\"]"
> > > > >                                                 }
> > > > >                                         }
> > > > >                                 ],
> > > > >                                 "scopes": []
> > > > >                         }
> > > > >                 }
> > > > >         ],
> > > > >         "roles": {
> > > > >                 "realm": [
> > > > >                         {
> > > > >                                 "name": "admin",
> > > > >                                 "description": "Administrator
> > > privileges"
> > > > >                         },
> > > > >                         {
> > > > >                                 "name": "schooloperator",
> > > > >                                 "description": "School Operator
> > > privileges"
> > > > >                         },
> > > > >                         {
> > > > >                                 "name": "teacher",
> > > > >                                 "description": "Teacher privileges"
> > > > >                         },
> > > > >                         {
> > > > >                                 "name": "pupil",
> > > > >                                 "description": "Pupil privileges"
> > > > >                         }
> > > > >                 ]
> > > > >         }
> > > > > }
> > > > >
> > > > > Keycloak starts on the 8180 port. I configured POSTMAN with OAuth
> 2.0.
> > > > > Here the Oauth configuration used to receive the token:
> > > > >
> > > > > Token Name: Token Name
> > > > > Grant Type: Authorization Code
> > > > > Callback URL: http://localhost:8080/school
> > > > > Auth URL:
> > > > >
> > >
> http://localhost:8180/auth/realms/school-domain/protocol/openid-connect/auth
> > > > > Access Token URL:
> > > > >
> > >
> http://localhost:8180/auth/realms/school-domain/protocol/openid-connect/token
> > > > > Client ID: school
> > > > > Client Secret: bce5816d-98c4-404f-a18d-bcc5cb005c79
> > > > > Client Authentication: Send as Basic Auth header
> > > > >
> > > > > The Callback URL is an active simple web app starting on the 8080
> port.
> > > > > The token creation is ok but when I call the server with the
> created
> > > token
> > > > > I get a 401 Unauthorized error. What I miss?
> > > > > _______________________________________________
> > > > > keycloak-user mailing list
> > > > > keycloak-user at lists.jboss.org
> > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > > >
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >
> >
> > --
> >
> > Regards,
> > Geoffrey Cleaves
>


-- 

Regards,
Geoffrey Cleaves


More information about the keycloak-user mailing list