
Assigning Roles in Keycloak

In the following examples, we demonstrate how to add roles for company and officer endpoints.

Add Required Roles in Realm Roles

Initially, the default realm role dev does not include the roles required for your application. Refer to the screenshots for guidance.

Go to the Keycloak page http://dev.strategyobject.com:6060/admin/master/console/#/dev and, in the top-right corner, select the dev realm.

To add the necessary roles, click Realm roles in the left sidebar and then click the blue Create Role button.

Create Role Btn

Realm Roles

Then create a role, as in the image, specifying the role name (officer) and the description.

Create Role

The role should appear together with the other roles. As you can see, we have already added the roles needed for our project.

Check Role

Checking User Roles

To verify the roles assigned to the user bob:

  1. Access the Keycloak admin console at: http://dev.strategyobject.com:6060/

  2. Navigate to the dev realm under the StrategyObject environment.

  3. In the left-hand menu, click Users, then select bob.

  4. Open the Role Mappings tab.

You will see that the user bob does not have the role company assigned (see screenshot).

No Assigned Role

Adding the Required Role to Users

To grant access to the search endpoint, click the Assign role button and assign the company role to bob, as shown in the following screenshots.

Assign Role Btn

Use the filter at the top left of the modal to select "Filter by realm roles", then select the "company" role and click Assign:

Assign Role Tab

You will see the assigned role:

Role Assigned

Successful Invocation

Now return to Swagger and ensure you are logged in. If necessary, click Authorize again and re-authenticate. Then try invoking the submit endpoint. To do this, you will have to specify the request body; in this case you can use something like this:

BodyExample
    {
      "companyName": "BlueWave Technologies",
      "legalForm": "Ltd",
      "establishedDate": "2021-07-15",
      "capital": 150000,
      "employees": 200,
      "phone": "+44 20 7946 0958",
      "email": "[email protected]",
      "type": {
        "code": "UK-TECH",
        "description": "Technology and Innovation Company"
      },
      "address": {
        "street": "45 Kingsway",
        "city": "London",
        "state": "London",
        "zip": "WC2B 6EJ"
      },
      "website": "https://www.bluewave.tech",
      "shareholders": [
        {
          "id": "SH101",
          "firstName": "James",
          "lastName": "Anderson",
          "phone": "+44 7700 900001",
          "email": "[email protected]",
          "shares": 1500,
          "percentage": 60.0
        },
        {
          "id": "SH102",
          "firstName": "Emily",
          "lastName": "Clark",
          "phone": "+44 7700 900002",
          "email": "[email protected]",
          "shares": 1000,
          "percentage": 40.0
        }
      ]
    }

This time, you should receive a 200 OK response along with the expected results (see screenshots).

200 OK
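If the call is still rejected after the role has been assigned, the access token held by Swagger was most likely issued before the change and does not carry the new role. The following is an added example, not part of the original guide: it decodes an access token's payload and reports which required realm roles are missing, assuming Keycloak's default `realm_access.roles` claim. The helper names and both sample tokens are constructed for illustration.

```python
import base64
import json


def decode_payload(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only;
    the API itself must still validate signature, issuer and expiry)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def realm_roles(token: str) -> set:
    """Realm roles as Keycloak emits them by default: realm_access.roles."""
    claims = decode_payload(token)
    return set(claims.get("realm_access", {}).get("roles", []))


def missing_roles(token: str, required: set) -> set:
    """Roles the endpoint needs that this token does not carry."""
    return set(required) - realm_roles(token)


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token (not a real Keycloak token)."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'RS256', 'typ': 'JWT'})}.{b64(claims)}.constructed-signature"


# Constructed samples: bob's token before and after the role assignment.
# "default-roles-dev" is an assumed name for the realm's default role.
BEFORE = make_sample_token({"preferred_username": "bob",
                            "realm_access": {"roles": ["default-roles-dev"]}})
AFTER = make_sample_token({"preferred_username": "bob",
                           "realm_access": {"roles": ["default-roles-dev", "company"]}})

if __name__ == "__main__":
    for label, tok in (("before", BEFORE), ("after", AFTER)):
        gap = missing_roles(tok, {"company"})
        print(label, "-> missing:", sorted(gap) or "none")
```

To check a real session, pass the bearer token from the Swagger request's Authorization header to `missing_roles`; a non-empty result for a role already shown in Role Mappings means the token predates the assignment and a fresh login is needed.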