Keycloak User Roles missing in REST API

I would like to ask if somebody knows why there are no roles within the user details in the REST Admin API request. I saw some posts dealing with this topic, but there was either no clear answer or they proposed using keycloak-admin-client, but that seems not very convenient. Maybe I need to map the roles in the Admin console or use claims? Roles are one of the most important user attributes, so what's the reason they are not retrieved like other user attributes? Any suggestions? Thanks

GET /auth/admin/realms/{realm}/users 

{
  "id": "efa7e6c0-139f-44d8-baa8-10822ed2a9c1",
  "createdTimestamp": 1516707328588,
  "username": "testuser",
  "enabled": true,
  "totp": false,
  "emailVerified": false,
  "firstName": "Test",
  "lastName": "User",
  "email": "[email protected]",
  "attributes": {"xxx": ["123456"]},
  "disableableCredentialTypes": ["password"],
  "requiredActions": []
}
troger19 asked Jan 26 '18 08:01


1 Answer

You are not getting roles in the user details because the REST API is strictly resource based and roles are separate objects that are just associated with a user. The following REST URLs can be used to get a user's roles.

Getting the associated realm roles:

GET /auth/admin/realms/{realm}/users/{user-uuid}/role-mappings/realm

Getting the associated roles of a specific client:

GET /auth/admin/realms/{realm}/users/{user-uuid}/role-mappings/clients/{client-uuid}

Boomer answered Sep 23 '22 09:09
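
The join described in the answer above, as an added example (not part of the original post and not Keycloak's own code): it lists users, then calls the two role-mappings endpoints per user to build a user-to-roles view suitable for an access review. The helper names (http_fetch, users_with_roles, sample_fetch), the realm "demo", the role names and the client UUID are assumptions; the sample responses are constructed so the block runs offline.

```python
import json
import urllib.request

ADMIN = "/auth/admin/realms/{realm}"  # path prefix used on the page


def http_fetch(base_url, token):
    """Return fetch(path) that GETs base_url+path with an admin bearer token."""
    def fetch(path):
        req = urllib.request.Request(
            base_url + path, headers={"Authorization": "Bearer " + token})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return fetch


def users_with_roles(fetch, realm, client_uuid=None):
    """Join each user from /users with the role-mappings lookups."""
    prefix = ADMIN.format(realm=realm)
    result = []
    for user in fetch(prefix + "/users"):
        base = prefix + "/users/" + user["id"] + "/role-mappings"
        entry = {"id": user["id"], "username": user["username"],
                 "realm_roles": sorted(r["name"] for r in fetch(base + "/realm"))}
        if client_uuid:
            entry["client_roles"] = sorted(
                r["name"] for r in fetch(base + "/clients/" + client_uuid))
        result.append(entry)
    return result


# Constructed sample responses (not captured from a real server) so the
# example runs offline; the client UUID is a placeholder.
UID = "efa7e6c0-139f-44d8-baa8-10822ed2a9c1"
CLIENT = "00000000-0000-0000-0000-000000000000"
SAMPLE = {
    "/auth/admin/realms/demo/users": [{"id": UID, "username": "testuser"}],
    "/auth/admin/realms/demo/users/%s/role-mappings/realm" % UID:
        [{"name": "offline_access"}, {"name": "app-admin"}],
    "/auth/admin/realms/demo/users/%s/role-mappings/clients/%s" % (UID, CLIENT):
        [{"name": "view-reports"}],
}


def sample_fetch(path):
    return SAMPLE[path]


if __name__ == "__main__":
    # Against a real server: users_with_roles(http_fetch(url, token), "demo")
    print(json.dumps(users_with_roles(sample_fetch, "demo", CLIENT), indent=2))
```

These two endpoints return only directly assigned roles; for effective roles, including those inherited through composite roles, Keycloak exposes the same paths with /composite appended.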