Flv N.

Reputation: 51

How can I add a role to default roles in Keycloak using admin-cli?

I am using admin-cli to add some pre-configurations to a Keycloak 3.4.3 docker container.

One of the things that I want to do is add a certain realm role to the list of Default Realm Roles, so that this role is applied automatically when a new user is registered (using the web user registration form).

I couldn’t find anything about this in the documentation. Any ideas on how this could be achieved using admin-cli commands?

Thanks.

Upvotes: 5

Views: 3739

Answers (2)

V-R

Reputation: 1401

As of Keycloak 18.0.0 changing the Realm Default Roles using kcadm.sh doesn't work via updating the realm's JSON, but does via composite rules.

When we create a realm (e.g. named realm-test1), Keycloak automatically creates a corresponding composite rule default-roles-realm-test1 and populates it with built-in roles offline_access and uma_authorization:

[Screenshot: Fresh realm before running script]

Here is how we add our own role to (and remove a role from) Realm Default Roles.

$ docker exec -ti keycloak_keycloak_1 bash
bash-4.4$ /opt/keycloak/bin/kcadm.sh create realms -s realm=realm-test1 -s enabled=true
Created new realm with id 'realm-test1'

bash-4.4$ /opt/keycloak/bin/kcadm.sh create roles -r realm-test1 -s name=role-test1
Created new role with id 'role-test1'

bash-4.4$ /opt/keycloak/bin/kcadm.sh add-roles --rname default-roles-realm-test1 --rolename role-test1 -r realm-test1

bash-4.4$ /opt/keycloak/bin/kcadm.sh remove-roles --rname default-roles-realm-test1 --rolename offline_access -r realm-test1

Hitting F5 in the browser we see that it works:

[Screenshot: Realm after running script]

Documentation

https://www.keycloak.org/docs/latest/server_admin/#adding-realm-roles-to-a-composite-role

Upvotes: 1

dimaKudr

Reputation: 430

I faced the same question today. Here is my solution:

echo Creating realm TEST
kcadm.sh create realms -s realm=test -s enabled=true

echo Creating Test_Default role
kcadm.sh create roles -r test -s name=test_default

echo Adding Test_Default role to the TEST realm default roles
kcadm.sh update realms/test -f - << EOF
{ "realm": "test", "enabled": true, "defaultRoles" : [ "offline_access", "uma_authorization", "test_default" ] }
EOF

Upvotes: 4
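
An added example (not part of either answer): every role in the default set is granted to each self-registered user, so this Python check compares the default roles against an allowlist. It accepts the JSON printed by `kcadm.sh get-roles -r realm-test1 --rname default-roles-realm-test1` or an older realm representation with a `defaultRoles` array; the allowlist, the `staff` role and both samples are constructed for illustration.

```python
import json
import sys

# Assumed allowlist: what the first answer's add-roles/remove-roles leave in place.
ALLOWED = {"uma_authorization", "role-test1"}

def default_role_names(doc):
    """Return (role names, composite role names) from either JSON shape."""
    data = json.loads(doc)
    if isinstance(data, dict):
        # Realm representation carrying a defaultRoles array of names.
        return set(data.get("defaultRoles", [])), set()
    # Array of role representations, as printed by get-roles.
    names = {r["name"] for r in data}
    composites = {r["name"] for r in data if r.get("composite")}
    return names, composites

def audit(doc, allowed=ALLOWED):
    """Report default roles outside the allowlist, missing ones, and composites."""
    names, composites = default_role_names(doc)
    return {
        "unexpected": sorted(names - allowed),   # granted to every new user, not approved
        "missing": sorted(allowed - names),      # approved but not actually a default
        "composite": sorted(composites),         # each pulls in further roles; review
    }

# Constructed sample: get-roles output where offline_access was never removed
# and a hypothetical composite role "staff" was added to the defaults.
SAMPLE_GET_ROLES = """[
  {"id": "a1", "name": "offline_access", "composite": false, "clientRole": false},
  {"id": "a2", "name": "uma_authorization", "composite": false, "clientRole": false},
  {"id": "a3", "name": "role-test1", "composite": false, "clientRole": false},
  {"id": "a4", "name": "staff", "composite": true, "clientRole": false}
]"""

# Constructed sample: the realm JSON from the second answer.
SAMPLE_REALM = """{ "realm": "test", "enabled": true,
  "defaultRoles": [ "offline_access", "uma_authorization", "test_default" ] }"""

if __name__ == "__main__":
    # Usage: kcadm.sh get-roles -r realm-test1 --rname default-roles-realm-test1 | python audit.py
    report = audit(sys.stdin.read())
    print(json.dumps(report, indent=2))
    sys.exit(1 if report["unexpected"] or report["composite"] else 0)
```
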
