REST API creating a composite role

Hi,

I am trying to create a role similar to this one:
curl -k -X GET ${KEYCLOAK_URL}/admin/realms/netguard/roles/${ID} -H "Content-Type: application/json" -H "Authorization: bearer $TOKEN" | jq .

{
  "id": "22da9384-3179-4f89-8cab-8aca7459b3fb",
  "name": "Netguard-iam-ALL",
  "description": "ALL Client Roles for Netguard-iam",
  "composite": true,
  "clientRole": false,
  "containerId": "netguard",
  "attributes": {}
}

and

 curl -k  -X GET ${KEYCLOAK_URL}/admin/realms/netguard/roles/${ID}/composites -H "Content-Type: application/json" -H "Authorization: bearer $TOKEN" | jq .

```
[
  {
    "id": "4b611954-f96f-43e6-9904-ebc133085f81",
    "name": "iam-view-others-secure-sessions",
    "composite": false,
    "clientRole": true,
    "containerId": "f03b57ea-adfc-4b37-b5fd-6340d67e3b55"
  },
  {
    "id": "97d66155-886b-45c6-9ab7-f85c0554118d",
    "name": "iam-request-secure-access",
    "composite": false,
    "clientRole": true,
    "containerId": "f03b57ea-adfc-4b37-b5fd-6340d67e3b55"
  }
]
```

What I have done is the following:

  1. Create a role using the following command:
echo "{
        \"name\": \"iamALL\",
        \"composite\": false,
        \"clientRole\": false
    }" > tmpdata

curl -s -k -X POST "${KEYCLOAK_URL}/admin/realms/netguard/roles" \
 -H "Content-Type: application/json" \
 -H "Authorization: Bearer ${TOKEN}" \
 -d @tmpdata

  2. I tried to update the just-created role by adding client roles as follows:
# update role by composite
echo "[{
        \"name\": \"iam-view-others-secure-sessions\",
        \"composite\": false,
        \"clientRole\": true
}]" > tmpdata

curl -k -X POST "${KEYCLOAK_URL}/admin/realms/netguard/clients/76583c5d-3a8e-4668-ade6-9f37e84ab624/roles" \
 -H "Content-Type: application/json" \
 -H "Authorization: Bearer ${TOKEN}" \
 -d @tmpdata

where the id is the id of the recently created role, iamALL

curl -k  -X GET ${KEYCLOAK_URL}/admin/realms/netguard/roles/iamALL -H "Content-Type: application/json" -H "Authorization: bearer $TOKEN" |jq .

{
  "id": "76583c5d-3a8e-4668-ade6-9f37e84ab624",
  "name": "iamALL",
  "composite": false,
  "clientRole": false,
  "containerId": "netguard",
  "attributes": {}
}

and I am getting the following response;

{"error":"Could not find client"}

I got the same thing when using composites as follows:

# update role by composite
echo "[{
        \"name\": \"iam-use-secure-access\",
        \"composite\": false,
        \"clientRole\": true
}]" > tmpdata

#curl -k -X POST "${KEYCLOAK_URL}/admin/realms/roles" \
curl -k -X POST "${KEYCLOAK_URL}/admin/realms/netguard/clients/76583c5d-3a8e-4668-ade6-9f37e84ab624/roles/iamALL/composites" \
 -H "Content-Type: application/json" \
 -H "Authorization: Bearer ${TOKEN}" \
 -d @tmpdata

**response**
{"error":"Could not find client"}

I would appreciate any help/advice on this tricky thing, I am running out of ideas.

Thank you in advance!

Hi,
Fortunately, I have found the solution myself. The thing is that all keys seem to be mandatory. This is what I have done:

# update role by composite
echo "[{
        \"id\": \"4b611954-f96f-43e6-9904-ebc133085f81\",
        \"name\": \"iam-view-others-secure-sessions\",
        \"composite\": false,
        \"clientRole\": true,
        \"containerId\": \"f03b57ea-adfc-4b37-b5fd-6340d67e3b55\"
}]" > tmpdata

curl -k -X POST "${KEYCLOAK_URL}/admin/realms/netguard/roles/iamALL/composites" \
 -H "Content-Type: application/json" \
 -H "Authorization: Bearer ${TOKEN}" \
 -d @tmpdata

and this is what we got when getting the composite role:

curl -k -X GET ${KEYCLOAK_URL}/admin/realms/netguard/roles/iamALL \
 -H "Content-Type: application/json" -H "Authorization: bearer $TOKEN" | jq .

response
{
  "id": "76583c5d-3a8e-4668-ade6-9f37e84ab624",
  "name": "iamALL",
  "composite": true,
  "clientRole": false,
  "containerId": "netguard",
  "attributes": {}
}

and for composites;

curl -k  -X GET ${KEYCLOAK_URL}/admin/realms/netguard/roles/${ID}/composites -H "Content-Type: application/json" -H "Authorization: bearer $TOKEN" | jq .

response
[
  {
    "id": "4b611954-f96f-43e6-9904-ebc133085f81",
    "name": "iam-view-others-secure-sessions",
    "composite": false,
    "clientRole": true,
    "containerId": "f03b57ea-adfc-4b37-b5fd-6340d67e3b55"
  }
]

1 Like
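
Added example (not written by anyone in this thread): the `id` and `containerId` in the working payload are values Keycloak already holds, so this Python code reads them back by resolving the client's internal UUID and fetching the client role, then posts that representation to the realm role's composites. The base URL, the clientId `netguard-iam` and the function names are assumptions; `fake_call` is a constructed stand-in for the server so the flow runs offline.

```python
import json
import urllib.request
from urllib.parse import quote


def http_json(method, url, token, body=None):
    """Default transport: one authenticated Admin REST call, JSON in and out."""
    data = None if body is None else json.dumps(body).encode()
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req) as resp:  # certificate checks stay on (no -k)
        raw = resp.read()
    return json.loads(raw) if raw else None


def add_client_role_to_composite(base, realm, token, parent, client_id, role_name,
                                 call=http_json):
    """Add one client role to realm role `parent`; returns the payload sent."""
    admin = f"{base}/admin/realms/{quote(realm, safe='')}"
    # 1. clientId -> internal client UUID (this becomes the role's containerId).
    clients = call("GET", f"{admin}/clients?clientId={quote(client_id, safe='')}", token)
    if not clients:
        raise LookupError(f"no client with clientId {client_id!r}")
    uuid = clients[0]["id"]
    # 2. Read the client role; its id is assigned by the server, never made up.
    role = call("GET", f"{admin}/clients/{uuid}/roles/{quote(role_name, safe='')}", token)
    # 3. Send the looked-up representation to the realm role's composites.
    keys = ("id", "name", "composite", "clientRole", "containerId")
    payload = [{k: role[k] for k in keys}]
    call("POST", f"{admin}/roles/{quote(parent, safe='')}/composites", token, payload)
    return payload


# Constructed stand-in for the server so the flow runs offline. The role ids
# are the ones shown in the thread; the clientId "netguard-iam" is assumed.
SENT = []

def fake_call(method, url, token, body=None):
    SENT.append((method, url, body))
    if method == "GET" and url.endswith("/clients?clientId=netguard-iam"):
        return [{"id": "f03b57ea-adfc-4b37-b5fd-6340d67e3b55", "clientId": "netguard-iam"}]
    if method == "GET" and "/roles/iam-view-others-secure-sessions" in url:
        return {"id": "4b611954-f96f-43e6-9904-ebc133085f81",
                "name": "iam-view-others-secure-sessions", "composite": False,
                "clientRole": True, "containerId": "f03b57ea-adfc-4b37-b5fd-6340d67e3b55",
                "attributes": {}}
    return None  # the composites POST returns an empty body
```

Against a real server, leave out `call=fake_call` and pass the realm's base URL and an admin access token.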

Hello,

How did you generate the id to update the composite role?

Thanks