
Keycloak: How to import service accounts with client roles


I've been trying to import pre-configured clients and service accounts with roles, so my JSON file looks something like:

{
  "realm": "dev",
  "users": [
    {
      "username": "service-account-example-client",
      "enabled": true,
      "serviceAccountClientId": "example-client",
      "clientRoles": {
        "realm-management": ["view-users"],
        "example-client": ["view-users"]
      }
    }
  ]
}

I also tried to set clients in the realm configuration, which gets imported, but in both cases I have the following issue:

  1. Service accounts created,
  2. Client has role in roles list,
  3. But the client role in "Service account roles" is not set.

How can I import the service account roles with assigned client roles during the setup process, when the REST API is not available yet?

Also, using import/export from the UI strips out some configurations.

Keycloak version is: 8.0.0

Thanks.


Solution

  • So in the end I decided to go with a post-installation step in which I re-use the generated passwords to assign the client role to the client with the service account:

    $ /opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password ${LAST_PASS} --client admin-cli
    $ /opt/jboss/keycloak/bin/kcadm.sh add-roles -r dev --uusername service-account-example-client --cclientid realm-management --rolename view-users
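
The post-installation step above, generalised to every service account in the import file, as an added example that is not part of the original answer or of Keycloak itself. It reads the realm JSON and builds one `kcadm.sh add-roles` command per service-account client role, so the role grants stay reviewable in one file. The function names and the second sample user are assumptions made for illustration.

```python
import json
import shlex

KCADM = "/opt/jboss/keycloak/bin/kcadm.sh"  # path used in the answer above

# Constructed sample input: the question's import file plus one ordinary user.
SAMPLE_REALM = """{
  "realm": "dev",
  "users": [
    {"username": "service-account-example-client", "enabled": true,
     "serviceAccountClientId": "example-client",
     "clientRoles": {"realm-management": ["view-users"],
                     "example-client": ["view-users"]}},
    {"username": "alice", "enabled": true,
     "clientRoles": {"account": ["view-profile"]}}
  ]
}"""


def add_role_commands(realm_json):
    """Return one kcadm.sh add-roles argv per (service account, client, role)."""
    realm = json.loads(realm_json)
    commands = []
    for user in realm.get("users", []):
        # Only service accounts need the workaround; ordinary users are skipped.
        if not user.get("serviceAccountClientId"):
            continue
        # Sort for a stable, diff-friendly order of grants.
        for client_id, roles in sorted(user.get("clientRoles", {}).items()):
            for role in roles:
                commands.append([
                    KCADM, "add-roles", "-r", realm["realm"],
                    "--uusername", user["username"],
                    "--cclientid", client_id,
                    "--rolename", role,
                ])
    return commands


def render(commands):
    """Shell-quote every argument so names from the file cannot inject shell syntax."""
    return [" ".join(shlex.quote(arg) for arg in argv) for argv in commands]


if __name__ == "__main__":
    # Run after `kcadm.sh config credentials ...` has logged in, as in the answer.
    print("\n".join(render(add_role_commands(SAMPLE_REALM))))
```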