Keycloak REST API Unable to Delete client-level roles from user role mapping
Question
Hoping someone can help me on this. I've created my own Keycloak Realm, and client. I am using Spring boot and KeycloakRestTemplate from org.keycloak.adapters.springsecurity.client.KeycloakRestTemplate; to make all my calls.
I've been successful in adding client-level roles to the user role mapping to any given user.
I prefix my URI with /admin/realms/ when using the Keycloak API docs. So far all my requests have worked (getting a list of users from my client, getting a list of users that have a particular client-level role, and even adding client-level roles to a user as described above)
My problem is I cannot delete client-level roles from a user. I've looked at the keycloak docs and it looks like I've followed everything correctly. I also made sure the user had applicable client roles available to be deleted. I really appreciate any comments or help given!!
https://www.keycloak.org/docs-api/14.0/rest-api/index.html
"Delete client-level roles from user role mapping DELETE /{realm}/users/{id}/role-mappings/clients/{client}"
import org.keycloak.adapters.springsecurity.client.KeycloakRestTemplate; . . . @Autowired private KeycloakRestTemplate restTemplate; . . . . . UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(keycloakServerUrl + "/admin/realms/"+keycloakRealm+"/users/"+userId+"/role-mappings/clients/"+keycloakClientId); this.restTemplate.postForEntity(builder.toUriString(), rolesList, List.class); // this works! Note: rolesList is an List<RoleRepresentation> object . . . this.restTemplate.delete(builder.toUriString(), rolesList); // Does not work!
URI: http://XXXXXXXXXXXXXXX:8180/auth/admin/realms/VLS/users/2144cc43-59f4-4406-9527-2a59ee0c3751/role-mappings/clients/53e659e1-7cef-4dbb-8cdd-b786ca3a44a4
Error when calling Delete API: org.springframework.web.client.HttpClientErrorException$UnsupportedMediaType: 415 Unsupported Media Type: [{"error":"RESTEASY003065: Cannot consume content type"}]
Edit 1: I have also given myself ALL available roles from all clients as a precaution beforehand. I understand some roles are needed to perform certain tasks even through the API. I've taken this into account.
2 answers
solution1
0 ACCPTED 2021-06-22 23:14:33
KeycloakRestTemplate appears to inherit all of its methods directly from Spring's RestTemplate . According to the documentation for that class, the second argument to delete isn't a request body, as I think you're intending. Rather, it's a vararg of objects used to expand template variables in the URI.
There doesn't appear to be a variant of the delete method that allows you to supply a body, so you'll probably need to use one of the variants of the execute or exchange methods that accepts an HTTP method and a request entity instead. In fact, the RestTemplate API makes this quite difficult to do, because it's generally assumed that DELETE requests don't have bodies.
solution2
0 2022-07-19 07:15:09
The alternate way to interact with Keycloak can be using the keycloak starter dependency and the keycloak admin client .
Add the dependencies mentioned above.
Configure the Keycloak admin user.
public Keycloak getAdminKeycloakUser() { return KeycloakBuilder.builder() .serverUrl(keycloakAuthUrl) .grantType(OAuth2Constants.PASSWORD) .realm(masterRealm).clientId(masterClient) .username(adminUsername).password(adminPassword) .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build()) .build(); }
With this admin user we can delete the client user along with other actions.
getAdminKeycloakUser().realm(realm).clients().roles().deleteRole(roleName);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.