How do I create policies via API

Hello team,

How do I create policies (i.e. user policies, group policies) programmatically via APIs?

I found APIs related to creating policies, but none of them seems to create (POST) a policy.

GET /{realm}/client-policies/policies
PUT /{realm}/client-policies/policies

Hi,

If you want to use REST directly, check the Keycloak admin GUI - it calls the REST API behind the scenes. Just do Inspect in the browser and then check the network traffic.

Refer to this link: Keycloak Authorization APIs to create Policies, Permissions and Resources

I’m looking for the same. I was able to create a Postman with multiple requests, like get list of users/login etc.
But I'm struggling with the create-policy call.
So far I found that I need to do a POST to:
{{authUrl}}/admin/realms/tyk/clients/{{clientId}}/authz/resource-server/policy/role
With JSON body:

{
    "type": "role",
    "logic": "POSITIVE",
    "decisionStrategy": "UNANIMOUS",
    "name": "Admin role policy",
    "description": "Only admin role policy",
    "roles": [
        {
            "id": "b026ef11-6a6d-44da-a477-12d483cc6ef4",
            "required": true
        }
    ]
}

At least this is the call I see from the GUI. But in Postman I always get: error: “unknow_error” 403 Forbidden

Am I missing some previous call to obtain some extra authorization token apart from login?

Is there any solution to this problem? Because I’m trying to use the keycloak-admin-client library to create policies programmatically, but there is no way to do it…

For me the curl command below works:

commands:

# Replace the <...> placeholders; $MASTER_TOKEN must hold an admin access token.
curl -X POST "https://keycloak.local/admin/realms/opendesk/clients/<realm-management-id>/authz/resource-server/policy/client" \
--header "Authorization: Bearer $MASTER_TOKEN" \
--header "Content-Type: application/json" \
--data '{"clients":["<id-of-client>"],
"logic":"POSITIVE",
"name":"<name-of-policy>",
"description":"<description>"}'

Output/Response:

{"id":"baedXXXX-XXX-XXXX-XXXX-2c72b304f7a3","name":"<client-id>","description":"","type":"client","logic":"POSITIVE","decisionStrategy":"UNANIMOUS","clients":["<id-of-client>"]}
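
The two requests discussed in this thread (obtain an admin token, then POST the policy), as an added Python example that is not code from any poster or from the Keycloak project. The admin-cli password grant, the host, the token and the client id placeholder are assumptions; only the `role` and `client` policy types shown above are covered.

```python
import json
import urllib.parse
import urllib.request

# Policy types shown in the thread and the list field each one carries.
REQUIRED_FIELD = {"role": "roles", "client": "clients"}

def token_request(base, realm, username, password):
    """Build (not send) a password-grant token request for the admin-cli client."""
    form = urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": "admin-cli",  # assumption: built-in public client is enabled
        "username": username,
        "password": password,
    }).encode()
    return urllib.request.Request(
        f"{base}/realms/{realm}/protocol/openid-connect/token",
        data=form, method="POST")

def policy_request(base, realm, client_uuid, token, ptype, name, **fields):
    """Build the POST that creates a policy on a client's resource server.

    client_uuid is the client's internal id (the "id" field of the client
    representation), not its human-readable clientId.
    """
    key = REQUIRED_FIELD.get(ptype)
    if key is None:
        raise ValueError(f"unsupported policy type: {ptype}")
    if not fields.get(key):
        raise ValueError(f"{ptype} policy needs a non-empty '{key}' list")
    body = {"type": ptype, "logic": "POSITIVE",
            "decisionStrategy": "UNANIMOUS", "name": name, **fields}
    url = (f"{base}/admin/realms/{urllib.parse.quote(realm, safe='')}/clients/"
           f"{urllib.parse.quote(client_uuid, safe='')}"
           f"/authz/resource-server/policy/{ptype}")
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})

def send(req):
    """Send a built request and decode the JSON response (needs a live server)."""
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

# Constructed sample values; the role id is the one from the JSON body above.
ROLE_POLICY = policy_request(
    "https://keycloak.local", "tyk", "CLIENT-UUID-PLACEHOLDER", "TOKEN-PLACEHOLDER",
    "role", "Admin role policy", description="Only admin role policy",
    roles=[{"id": "b026ef11-6a6d-44da-a477-12d483cc6ef4", "required": True}])
```

Against a live server, `send(token_request(...))["access_token"]` supplies the token argument and `send(policy_request(...))` returns the created policy representation.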