[keycloak-user] ClientRole Import/Export , Get all ClientRoles of an User, Sharing Authorization
Lasse Jahn
lasse.jahn at student.hpi.de
Tue Jun 25 16:49:39 EDT 2019
Hello,
I have 3 questions.
1. How can I export and import client roles?
(Background: I have a client and created some roles, policies,
permission... Now when I export the client the authorization data was
not included, but I could export them separately. For client roles I
could not find a way of exporting them separate. Some of the client
roles are normal roles other are composite roles.)
2. How do I get all client roles of an user?
(Background: When I look at the OIDC access token of an user, obviously
somehow all client roles can be fetched for an specific user. I need to
walk trough all client roles of an user. For realmRoles there exists an
endpoint in Admin REST api, but for client roles only one to recieve the
client roles of one specific client regarding the user. Is there some
efficient way of getting an array of client roles or something similar?)
3. Can I restrict role-mapping rights of a user to some of the client roles?
(Background: I want to enable an user to map existing client roles to
other users. Give an user the right to share roles to others can be done
this way [1]. But how can I ristrict this rights to only sharing
particular roles? Is this possible? For instance we have 5 roles admin,
share_resource1, access_resource1, share_resource2, access_resource2. A
user with the role admin shall be able to map each of this roles to
other user, user with share_resource1 shall only be able to map the role
access_resource1 but non else, analog for resource2.)
Thanks in advance for any response.
Regards Lasse
[1]
https://lists.jboss.org/pipermail/keycloak-user/2017-November/012192.html
More information about the keycloak-user
mailing list