Reputation: 9259
In Keycloak, for every realm there are default roles which are assigned to a new user. This also assigns Client Default Roles. I want to update the built-in client account default roles and maintain them as part of config as code.
I did not find any REST API for managing Client Default Roles for a realm. For example, using the Terraform keycloak_default_roles resource, I can control the realm global roles, but I did not find a way to control the Client Default Roles. Can someone help here?
Update: What I am trying to achieve is that we want to enable the edit username option, but only for admins; users should not be able to change either username or email from their profile.
Upvotes: 1
Views: 6638
Reputation: 9300
This REST API can control the default roles for new users in a realm.
Get default roles list
GET {Keycloak URL}/admin/realms/{realm}/roles-by-id/{default-roles-realmId}/composites
Add custom role into default role
POST {Keycloak URL}/admin/realms/{realm}/roles-by-id/{default-roles-realmId}/composites
Delete custom role from default role
DELETE {Keycloak URL}/admin/realms/{realm}/roles-by-id/{default-roles-realmId}/composites
In this demo, I will show these steps
1 Get master token. See this step first
2 Get role list
http://localhost:8180/auth/admin/realms/test-realm/roles
3 Get default role for test-realm, using the default-roles-test-realm ID from step 2
http://localhost:8180/auth/admin/realms/test-realm/roles-by-id/f3af5fc6-2829-4330-be45-a9fbc39c4b02/composites
4 Add custom role in test-realm
http://localhost:8180/auth/admin/realms/test-realm/roles
In body
{
  "name": "realm_custom_default_role",
  "description": ""
}
The returned status should be 201 Created
5 Add it to the default role for new users
In the body, use what step 2 returns after step 4
[
  {
    "id": "736b0d92-60b9-40ee-9d1f-dd13bc631975",
    "name": "realm_custom_default_role",
    "description": "",
    "composite": false,
    "clientRole": false,
    "containerId": "fb2137dd-68b0-473a-aab1-b0b5305b429a"
  }
]
6 Get the default role list again to confirm that the role from step 5 was added
7 Get a new user's roles to check that the new custom role is applied as a default role when a new user is added
8 Delete the custom role from the default role
[
  {
    "id": "736b0d92-60b9-40ee-9d1f-dd13bc631975",
    "name": "realm_custom_default_role",
    "description": "",
    "composite": false,
    "clientRole": false,
    "containerId": "fb2137dd-68b0-473a-aab1-b0b5305b429a"
  }
]
The returned status should be 204 No Content
Upvotes: 1
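The steps in the answer above can be turned into a config-as-code check. The following is an added example, not code from either poster or from Keycloak: it takes the role list (step 2) and the current composites (step 3) and works out which role representations to send in the POST and DELETE bodies so that the realm-level defaults match a desired list. The function names, the desired-list format, the sample IDs other than the two shown in the answer, and the choice to leave entries with "clientRole": true untouched are all assumptions.

```python
# Added example. Sample data is constructed; only the two IDs from the answer are reused.
def composites_url(base_url, realm, default_role_id):
    # Endpoint from the answer: GET lists, POST adds, DELETE removes.
    return f"{base_url}/admin/realms/{realm}/roles-by-id/{default_role_id}/composites"

def find_default_role_id(realm_roles, realm):
    # Step 3: pick the default-roles-<realm> entry out of the step 2 role list.
    wanted = f"default-roles-{realm}"
    for role in realm_roles:
        if role["name"] == wanted:
            return role["id"]
    raise LookupError(f"{wanted} not found in role list")

def plan_changes(realm_roles, current_composites, desired_names):
    """Return (to_add, to_remove): JSON bodies for the POST and DELETE calls."""
    desired = set(desired_names)
    by_name = {r["name"]: r for r in realm_roles}
    missing = desired - set(by_name)
    if missing:
        # A role must exist (step 4) before it can be added to the defaults.
        raise LookupError(f"create these roles first: {sorted(missing)}")
    # Assumption: only realm-level entries are managed; client roles are skipped.
    current = {r["name"]: r for r in current_composites if not r.get("clientRole")}
    to_add = [by_name[n] for n in sorted(desired - set(current))]
    to_remove = [current[n] for n in sorted(set(current) - desired)]
    return to_add, to_remove

def _role(role_id, name, client=False):
    # Constructed helper: builds a minimal role representation.
    return {"id": role_id, "name": name, "clientRole": client}

# Constructed step 2 response (realm role list).
SAMPLE_ROLES = [
    _role("f3af5fc6-2829-4330-be45-a9fbc39c4b02", "default-roles-test-realm"),
    _role("00000000-0000-0000-0000-000000000001", "offline_access"),
    _role("00000000-0000-0000-0000-000000000002", "uma_authorization"),
    _role("736b0d92-60b9-40ee-9d1f-dd13bc631975", "realm_custom_default_role"),
]
# Constructed step 3 response (current composites of the default role).
SAMPLE_COMPOSITES = [
    SAMPLE_ROLES[1],
    SAMPLE_ROLES[2],
    _role("00000000-0000-0000-0000-000000000003", "view-profile", client=True),
]

if __name__ == "__main__":
    add, remove = plan_changes(SAMPLE_ROLES, SAMPLE_COMPOSITES,
                               ["offline_access", "realm_custom_default_role"])
    print("POST body:", add)
    print("DELETE body:", remove)
```

Running the plan in CI against the live composites list shows any drift in what every new user is granted before it is applied.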