第1步。获取访问令牌:
this
第2步。创建用户并分配角色:
curl --location --request POST 'https://localhost/auth/realms/master/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-url## Heading ##encoded' \
--data-urlencode 'username=*******' \
--data-urlencode 'password=*******' \a
--data-urlencode 'grant_type=*******' \
--data-urlencode 'client_id=*******'
第3步。获取用户详细信息
curl --location --request POST 'https://localhost/auth/admin/realms/MyRealm/users' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJKZFVORmNDU19rWjdvZ3ZFSkI4VXZpMTNRb2hKbnh2VW9oeVpieXg2Vld3In0.eyJqdGkiOiI4OGQ4Njk4NC04OGNjLTQzNzAtYWExMC00MTBkYWY5OGY0ODciLCJleHAiOjE1ODQ5NDA2MTYsIm5iZiI6MCwiaWF0IjoxNTg0OTQwNTU2LCJpc3MiOiJodHRwczovL2lkLmRldi1wcm90b24uaXRlcjIwMDQubGFiLmVoZWFsdGguZXhjaGFuZ2UvYXV0aC9yZWFsbXMvbWFzdGVyIiwic3ViIjoiYzI5YjQzMGItMWZlNC00NzJhLWFjYTMtMzgzYTkxNTNmM2RjIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYWRtaW4tY2xpIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiNzMyOGUyMDItNzQyZC00ZTdkLTgwMWUtY2UyNGQ1NWUyZDZjIiwiYWNyIjoiMSIsInNjb3BlIjoiZW1haWwgcHJvZmlsZSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ifQ.brCZauRzLeoAHvxtgJy6PYwZhbInVfbLA6HF7YHmwuGzoDoexj97P1s03r2G5bzYUkL93sejEFT5AkPeoZ0gpzHY3IsG3UF7Q9Qvk3t5c08CcAqOn4czhYYV91fwwBWMgTv4sQh0D-_bSq0OtI5g9Ojo0sHzxleYEUW8UYdFsQ_JvpOnZEM87CzUhBqsDDnQ4kPslOaaG2q5PPY3ccNKHexE0UkxjtOeUoIn6tdf-0Yqwc55JCMzWOZmt3pFqWKfm3-VZX5lT0UTL9ktrrLfFTIMfZb-Lmyp2g3_s_juUpkbgPpBPHgh6IGS6XaOnxgseq1Vz4h6pZ_A0O60Z8R5-w' \
--data-raw '{
"username": "ayman",
"enabled": true,
"email": " aymanvirtual@gmail.com",
"firstName": "ayman",
"lastName": "ayman",
"emailVerified":true,
"credentials": [
{
"type": "password",
"value": "ayman"
}
],
"realmRoles": [
"test-role"
]
}'
问题:
已成功创建用户,但未为其分配角色(realmRole)。经过更多研究后,我发现此行为是由于keycloak API(stack overflow issue)中的错误引起的。
是否可以创建用户并为其分配领域角色?
更新:
根据一些答案,我们可以使用角色映射器API调用将角色映射到用户。有关这些操作的文档:https://www.keycloak.org/docs-api/6.0/rest-api/index.html#_role_mapper_resource
curl --location --request GET 'https://localhost/auth/admin/realms/MyRealm/users/d3bbe900-c7b3-49c5-9414-28f9433d3fc1' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJKZFVORmNDU19rWjdvZ3ZFSkI4VXZpMTNRb2hKbnh2VW9oeVpieXg2Vld3In0.eyJqdGkiOiJkMjgzYzA2NS1hMmJjLTQwNDctOWQ0MC01NWI4Nzg5YmNkNGUiLCJleHAiOjE1ODQ5NTM2NDgsIm5iZiI6MCwiaWF0IjoxNTg0OTUzNTg4LCJpc3MiOiJodHRwczovL2lkLmRldi1wcm90b24uaXRlcjIwMDQubGFiLmVoZWFsdGguZXhjaGFuZ2UvYXV0aC9yZWFsbXMvbWFzdGVyIiwic3ViIjoiYzI5YjQzMGItMWZlNC00NzJhLWFjYTMtMzgzYTkxNTNmM2RjIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYWRtaW4tY2xpIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiNjhmYmQ1YWQtMTkwMC00MzgyLThiMmYtYjhlYjExOTA4YmFhIiwiYWNyIjoiMSIsInNjb3BlIjoiZW1haWwgcHJvZmlsZSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ifQ.KmWR31pAR4Tl3Mad7awvqeK8np3x5qaPL1tYWAPLDdYaT4nLzpGblmPOBNzYIaEdhs9iwGEmES5_VzrI4C7xUVsY-Zq4jl8iPYP7IawzqgXyrTVuvAO_DLdgdVRKidTT6I-Eh1F87AV14-pOf0GXQ4wnQl5qGl5S6XUTJkegx8eGCg5Qp-zAdHOkxvPL3KRtpgwJx5QCvce-1-wW5Fckk3a-61vXA-o9jUDnJGWTYUyAssVD8zRUs-hhAms1PoR4nW1tCd_9J7xiWmr2hN0-pHY-u5PjNlrxCyOx-3pkRzworZ9e2i0ff0x2dcivpzyDfqe__sdsLVQsiiD1S7ViHw'
以上URL中的组是什么?
答案 0 :(得分:4)
此网址:awk -F '|' -v var="$var" '$1 ~ ("\\<"var"\\>")'
用于为其中POST /{realm}/groups/{id}/role-mappings/realm
是组ID的组分配领域角色。
要为用户分配领域角色,请使用:
{id}
您的请求可以是:
# Get the role lists
GET /{realm}/roles
# Get the user lists
GET /{realm}/users
# Assign your role to user
POST /{realm}/users/{userId}/role-mappings/realm
body :[{id: roleId, name: roleName]
答案 1 :(得分:0)
我遇到了同样的问题,并通过使用 GROUP 进行了纠正,基本上,我已将首选角色添加到用户组角色列表中,并在通过 REST API 创建用户时使用了该特定用户组。
例如:- ADMIN_USER_GROUP -> INCLUDED ('ADMIN_ROLE')
然后用户创建 API 请求应该如下所示,
{
"firstName": "Sergey",
"lastName": "Kargopolov",
"email": "test4@test.com",
"enabled": "true",
"credentials": [
{
"value": "123"
}
],
"groups": [
"ADMIN_USER_GROUP"
]
}