"realmRoles"通过Keycloak API添加用户时，将忽略此参数 [英] The "realmRoles" parameter is ignored when adding a user via the Keycloak API

查看：111 发布时间：2021/2/15 18:37:49 ruby keycloak

本文介绍了"realmRoles"通过Keycloak API添加用户时，将忽略此参数的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在尝试通过Keycloak API创建用户，并且我希望在首次添加用户时为他们分配领域级别的角色.但是，它似乎不像文档中所说的那样工作.

I am trying to create a user via the Keycloak API, and I would like to assign a realm-level role to them when they are first added. However, it doesn't seem to work like the documentation says it should.

我知道我可以在最初的创建用户请求之后简单地发出第二个add-role-to-user-API请求，但是:

I know that I could simply make a second add-role-to-user API request after the initial create-user one, but:

文档表明我不需要这样做.
第二个API请求可能失败，使用户处于未完成"状态.
这会使我正在编写的代码变得比所需的复杂.

要在irb中使用 keycloak Ruby gem进行测试，我首先请求访问权限来自Keycloak的令牌:

To test this in irb, using the keycloak Ruby gem, I first request an access token from Keycloak:

require 'keycloak'
json = Keycloak::Client.get_token_by_client_credentials
access_token = JSON.parse(json)['access_token']

以下所有内容均在Keycloak中创建了一个用户，但没有所有者"角色:

All of the following create a user within Keycloak, but without the "owner" role:

Keycloak::Admin.generic_post('users', nil, { username: 'someone', realmRoles: ['owner'] }, access_token)
Keycloak::Admin.generic_post('users', nil, { username: 'someone', realmRoles: ['1fff5f5f-7357-4f73-b45d-65ccd01f3bc8'] }, access_token)
Keycloak::Admin.generic_post('users', nil, { username: 'someone', realmRoles: ['{"id":"1fff5f5f-7357-4f73-b45d-65ccd01f3bc8","name":"owner","description":"Indicates that a user is the owner of an organisation.","composite":false,"clientRole":false,"containerId":"MyRealmName"}'] }, access_token)

尝试使用角色哈希而不是字符串会导致错误:

Attempting to use a role-hash instead of a string causes an error:

Keycloak::Admin.generic_post('users', nil, { username: 'someone', realmRoles: [{"id"=>"1fff5f5f-7357-4f73-b45d-65ccd01f3bc8", "name"=>"owner", "description"=>"Indicates that a user is the owner of an organisation.", "composite"=>false, "clientRole"=>false, "containerId"=>"MyRealmName"}] }, access_token)

Traceback (most recent call last):
      16: from /home/thomas/.rvm/rubies/ruby-2.6.3/lib/ruby/gems/2.6.0/gems/irb-1.0.0/exe/irb:11:in `<top (required)>'
      15: from (irb):8
      14: from /home/thomas/.rvm/gems/ruby-2.6.3/gems/keycloak-3.0.0/lib/keycloak.rb:541:in `generic_post'
      13: from /home/thomas/.rvm/gems/ruby-2.6.3/gems/keycloak-3.0.0/lib/keycloak.rb:943:in `generic_request'
      12: from /home/thomas/.rvm/gems/ruby-2.6.3/gems/keycloak-3.0.0/lib/keycloak.rb:915:in `block in generic_request'
      11: from /home/thomas/.rvm/gems/ruby-2.6.3/gems/rest-client-2.0.2/lib/restclient.rb:71:in `post'
      10: from /home/thomas/.rvm/gems/ruby-2.6.3/gems/rest-client-2.0.2/lib/restclient/request.rb:52:in `execute'
        9: from /home/thomas/.rvm/gems/ruby-2.6.3/gems/rest-client-2.0.2/lib/restclient/request.rb:145:in `execute'
        8: from /home/thomas/.rvm/gems/ruby-2.6.3/gems/rest-client-2.0.2/lib/restclient/request.rb:715:in `transmit'
        7: from /home/thomas/.rvm/rubies/ruby-2.6.3/lib/ruby/2.6.0/net/http.rb:920:in `start'
        6: from /home/thomas/.rvm/gems/ruby-2.6.3/gems/rest-client-2.0.2/lib/restclient/request.rb:725:in `block in transmit'
        5: from /home/thomas/.rvm/gems/ruby-2.6.3/gems/rest-client-2.0.2/lib/restclient/request.rb:807:in `process_result'
        4: from /home/thomas/.rvm/gems/ruby-2.6.3/gems/keycloak-3.0.0/lib/keycloak.rb:916:in `block (2 levels) in generic_request'
        3: from /home/thomas/.rvm/gems/ruby-2.6.3/gems/keycloak-3.0.0/lib/keycloak.rb:958:in `rescue_response'
        2: from /home/thomas/.rvm/gems/ruby-2.6.3/gems/rest-client-2.0.2/lib/restclient/abstract_response.rb:103:in `return!'
        1: from /home/thomas/.rvm/gems/ruby-2.6.3/gems/rest-client-2.0.2/lib/restclient/abstract_response.rb:223:in `exception_with_response'
RestClient::InternalServerError (500 Internal Server Error)

Keycloak将显示以下内容，表明-如所预期的那样-角色应该是字符串数组，而不是散列:

Keycloak prints the following, indicating that - as expected - the roles should be an array of strings, not hashes:

08:53:27,889 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-22) Uncaught server error: com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize instance of `java.lang.String` out of START_OBJECT token
at [Source: (io.undertow.servlet.spec.ServletInputStreamImpl); line: 1, column: 37] (through reference chain: org.keycloak.representations.idm.UserRepresentation["realmRoles"]->java.util.ArrayList[0])

如果我传递单个字符串而不是数组，则会发生同样的事情，

The same thing happens if I pass a single string instead of an array, like:

Keycloak::Admin.generic_post('users', nil, { username: 'someone', realmRoles: 'owner' }, access_token)

我是在做错什么，还是这仅仅是Keycloak API中的错误?

Am I doing something wrong, or is this simply a bug in the Keycloak API?

https://www.keycloak.org/docs-api/6.0/rest-api/index.html#_createuser
https://www.keycloak.org/docs-api/6.0/rest-api/index.html#_userrepresentation

Keycloak : unable to map user roles when creating user for api
Keycloak: roles not assigned when user is created via CLI

"realmRoles"通过Keycloak API添加用户时，将忽略此参数 [英] The "realmRoles" parameter is ignored when adding a user via the Keycloak API

问题描述

推荐答案

相关文章

其他开发最新文章

热门教程

热门工具

登录关闭

"realmRoles"通过Keycloak API添加用户时，将忽略此参数 [英] The &quot;realmRoles&quot; parameter is ignored when adding a user via the Keycloak API

问题描述

推荐答案

相关文章

其他开发最新文章

热门教程

热门工具

登录 关闭

"realmRoles"通过Keycloak API添加用户时，将忽略此参数 [英] The "realmRoles" parameter is ignored when adding a user via the Keycloak API

登录关闭