[keycloak-user] admin cli - add composite roles to client role

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[keycloak-user] admin cli - add composite roles to client role

Kevin Hirschmann
Hello,

 

can someone please tell me how to use admin cli to add a client role to
another client role - composite? In the docs I could find a way to add
client roles to realm roles but this isn’t what I need.

 

call kcadm.bat add-roles -r demo --rname TTest --cclientid myapp --rolename
change-color (works if TTest is a realm role)

 

Thanks for your help.

 

Kevin Hirschmann

 

HUEBINET Informationsmanagement GmbH & Co. KG

 

 

Telefon:           +49 (0) 261 / 5 00 86 - 17

Telefax:           +49 (0) 261 / 5 00 86 - 29

E-Mail:              <mailto:[hidden email]>
[hidden email]

Internet:             <http://www.huebinet.de/> www.huebinet.de

 

 HUEBINET Informationsmanagement GmbH & Co. KG

An der Königsbach 8

56075 Koblenz

Sitz und Registergericht: Koblenz HRA 5329

Persönlich haftender Gesellschafter der KG:

HUEBINET GmbH;

Sitz und Registergericht: Koblenz HRB 6857

Geschäftsführung:

Dr. Carsten Schöpp; Michael Biemer; Michael Ewertz

----------------------------------------------------------------------------
----------------------------------------------------------------------------
----------------

 

Der Nachrichtenaustausch mit HUEBINET Informationsmanagement GmbH & Co. KG,
Koblenz via E-Mail dient lediglich zu Informationszwecken.
Rechtsgeschäftliche Erklärungen mit verbindlichem Inhalt können über dieses
Medium nicht ausgetauscht werden, da die Manipulation von E-Mails durch
Dritte nicht ausgeschlossen werden kann.

 

Email communication with HUEBINET Informationsmanagement GmbH & Co. KG is
only intended to provide information of a general kind, and shall not be
used for any statement with binding contents in respect to legal relations.
It is not totally possible to prevent a third party from manipulating emails
and email contents.

 

 

 

_______________________________________________
keycloak-user mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/keycloak-user
Reply | Threaded
Open this post in threaded view
|

Re: [keycloak-user] admin cli - add composite roles to client role

Marko Strukelj
You should be able to add client role to another composite client role with
current kcadm:

$ kcadm.sh add-roles --cclientid test-client --rid
fc400897-ef6a-4e8c-872b-1581b7fa8a71 --rolename support

You first need to discover an id of the composite client role.

For example, in this case there is a client with "clientId": 'test-client',
a client role with "name": "support", and another client role - that will
become composite role - with "id": "fc400897-ef6a-4e8c-872b-1581b7fa8a71",
"name":"operations".


I can get id of the client role by doing:

$ kcadm.sh get-roles --cclientid test-client --rolename operations


After adding the role I can list all roles of a composite role by running:

$ kcadm.sh get-roles --rid fc400897-ef6a-4e8c-872b-1581b7fa8a71 --all



On Mon, May 15, 2017 at 5:10 PM, Marko Strukelj <[hidden email]> wrote:

> This may be an omission in add-roles command. Can you open a JIRA please,
> and describe steps to reproduce?
>
> On Wed, May 10, 2017 at 2:46 PM, Kevin Hirschmann <[hidden email]
> > wrote:
>
>> Hello,
>>
>>
>>
>> can someone please tell me how to use admin cli to add a client role to
>> another client role - composite? In the docs I could find a way to add
>> client roles to realm roles but this isn’t what I need.
>>
>>
>>
>> call kcadm.bat add-roles -r demo --rname TTest --cclientid myapp
>> --rolename
>> change-color (works if TTest is a realm role)
>>
>>
>>
>> Thanks for your help.
>>
>>
>>
>> Kevin Hirschmann
>>
>>
>>
>> HUEBINET Informationsmanagement GmbH & Co. KG
>>
>>
>>
>>
>>
>> Telefon:           +49 (0) 261 / 5 00 86 - 17
>>
>> Telefax:           +49 (0) 261 / 5 00 86 - 29
>>
>> E-Mail:              <mailto:[hidden email]>
>> [hidden email]
>>
>> Internet:             <http://www.huebinet.de/> www.huebinet.de
>>
>>
>>
>>  HUEBINET Informationsmanagement GmbH & Co. KG
>>
>> An der Königsbach 8
>>
>> 56075 Koblenz
>>
>> Sitz und Registergericht: Koblenz HRA 5329
>>
>> Persönlich haftender Gesellschafter der KG:
>>
>> HUEBINET GmbH;
>>
>> Sitz und Registergericht: Koblenz HRB 6857
>>
>> Geschäftsführung:
>>
>> Dr. Carsten Schöpp; Michael Biemer; Michael Ewertz
>>
>> ------------------------------------------------------------
>> ----------------
>> ------------------------------------------------------------
>> ----------------
>> ----------------
>>
>>
>>
>> Der Nachrichtenaustausch mit HUEBINET Informationsmanagement GmbH & Co.
>> KG,
>> Koblenz via E-Mail dient lediglich zu Informationszwecken.
>> Rechtsgeschäftliche Erklärungen mit verbindlichem Inhalt können über
>> dieses
>> Medium nicht ausgetauscht werden, da die Manipulation von E-Mails durch
>> Dritte nicht ausgeschlossen werden kann.
>>
>>
>>
>> Email communication with HUEBINET Informationsmanagement GmbH & Co. KG is
>> only intended to provide information of a general kind, and shall not be
>> used for any statement with binding contents in respect to legal
>> relations.
>> It is not totally possible to prevent a third party from manipulating
>> emails
>> and email contents.
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> [hidden email]
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
_______________________________________________
keycloak-user mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/keycloak-user