How to create a new user with Postman and assign group in keycloak?

Asked 13/2, 2020 at 15:14 Answered 18/9, 2023 at 12:4

I have this JSON to create a new user, which works for me, but it doesn't assign the group declared in the groups "groups":["APIs"] tab to the user

JSON:

{ 
   "username":"[email protected]",
   "firstName":"1pruebattributesFN",
   "lastName":"1pruebattributesAP",
   "email":"[email protected]",
   "enabled":true,
   "groups":["APIs"],
   "credentials":[ 
      { 
         "temporary": false,
         "type":"password",
         "value":"1234"
      }
   ],
   "attributes":
      { 
         "EmailVerifiedvn":"TRUE",
         "Enabledvn":"TRUE",
         "Entity":"[{\"id\":\"3411982108\",\"name\":\"3411982108 - Claro Home  PAGO APP 2\"}]",
         "State":"Activo",
         "UserCreateDate":"202001031650Z",
         "UserLastModifiedDate":"202001031655Z",
         "UserStatus":"CONFIRMED"
      }
}

The user is created but does not assign the group to the user.

In my keycloak I have declared 3 groups:

groups created

Springing answered 13/2, 2020 at 15:14 Comment(0)

Update:

In Keycloak 17 it can be assigned directly. See Hernaldo's answer.

Old way:

I don't think it works that way, you can use below API to assign a user to a group:

    Request URL: http://localhost:8080/auth/admin/realms/{realm}/users/{userId}/groups/{groupId}
    Request Method: PUT

Source: Keycloak Admin Rest API Docs

Desperation answered 13/2, 2020 at 15:54 Comment(2)

Is there any way to assign list of users to a group ?? – Aceldama 11/9, 2021 at 8:2

@Aceldama I don't think there is an endpoint that supports list insertion, you may have to use a loop for that. – Desperation 25/1, 2022 at 12:28

In keycloak 17 it can be assigned directly:

First you have to create the group "mygroup" inside Keycloak

POST
http://<ip>:8080/admin/realms/master/users

Header

Name: Authorization
Value: Bearer <Admin cli Access token>

Body raw data

{"enabled":true,"username":"usergrupo","email":"[email protected]","firstName":"functest","lastName":"functest", "groups":["migrupo", "miotrogrupo"], "credentials":[{"type":"password","value":"123","temporary":false}]}

Finally the associated user will be created in that group

Documentation:

https://www.keycloak.org/docs-api/12.0/rest-api/#_userrepresentation

Napery answered 28/4, 2022 at 16:15 Comment(2)

What did you assign values of groups? Is it the name of the group, or the ID? – Desolation 5/6, 2023 at 12:2

Getting 500 error with keycloak:25.0.2 – Sheltonshelty 19/8 at 11:13

// Step 1 - Create User 
// Step 2 - Join Group(s) to this user

javax.ws.rs.core.Response response = KeycloakBuilder.builder().build().realm("your-realm-name").users().create(userRepresentation);
if (response != null && response.getStatusInfo().getFamily() == Family.SUCCESSFUL) 
{
    KeycloakBuilder.builder().build().realm("your-realm-name").users().get(CreatedResponseUtil.getCreatedId(response)).joinGroup("your-group-id");
}

Marisamariscal answered 6/9, 2022 at 5:36 Comment(0)

Just one thing to be aware when you are sending payload for creating users with assigned groups. Groups value is array of GROUP_PATHs. Example:

{ 
  ...,
  "groups":[GROUP_PATH,...],
  ...
}

so no GROUP_ID or GROUP_NAME but GROUP_PATH should be used! I have lost a ton of time until I found the issue why groups were not there.

Gober answered 18/9, 2023 at 12:4 Comment(0)

Recommended topics

Hot tags