[keycloak-user] role-mappings.

Martin Kanis mkanis at redhat.com
Tue Feb 26 09:15:57 EST 2019


first of all the last part of your path should be client's id not name.
This might be sometimes confusing. Here is the example of valid path:


Second you have to provide a valid authorization to your request. For
example using a bearer token.

curl -X GET -H "Content-Type:application/json" -H "Authorization: Bearer
<here_provide_valid_access_token>" "correct/path/from/above".

To obtain an access token using the grant_type password (there are other
alternatives as well) you can use:

curl -X POST --data
"grant_type=password&client_id=admin-cli&username=admin&password=admin" -H
"Content-Type: application/x-www-form-urlencoded" "

Hope this helps,


On Tue, Feb 26, 2019 at 11:15 AM Vaclav Havlik <Johny.Dee at seznam.cz> wrote:

> Hello,
> can I ask you again?
> I would like do assign some specific roles (view-realm, manage-users) on
> the
> client realm-management to a user .
> Via REST API, I cannot, however, even display the role-mappings by doing
> /auth/admin/realms/xxx/users/4c0f445a-53e9-45c2-a9c9-a8ac69bb5b48/role-
> mappings/clients/realm-management
> (Gives HTTP 404, xxx is my realm).
> But, if I take my own client, whose name is web_app, then the request
> /auth/admin/realms/xxx/users/4c0f445a-53e9-45c2-a9c9-a8ac69bb5b48/role-
> mappings/clients/web_app
> works (HTTP 200), giving empty array.
> When doing this, I follow instructions on
> https://www.keycloak.org/docs-api/4.0/rest-api/index.html#_client_role_
> mappings_resource
> Can you tell me, what the problem is?
> Thank you, Venca.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list