Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-13823

"Dir" Full export/import: On import, service account roles and authorization info are not imported

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Done
    • 9.0.2
    • 11.0.0
    • Import/Export
    • None
    • Hide
      1. Make sure Service Accounts Enabled is enabled in admin-cli client.
      2. Assign to the client admin-cli in the Service Accounts Roles tab the following clientRoles _of _realm-management: view-users and manage-users
      3. Do an export of the realm
      4. Delete the database
      5. Do an import of the realm
      6. Verify in the Service Accounts Roles tab in the clientRoles _section that in _realm-management: view-users and manage-users are not assigned.
      Show
      Make sure Service Accounts Enabled is enabled in admin-cli client. Assign to the client admin-cli in the Service Accounts Roles tab the following clientRoles _of _realm-management : view-users and manage-users Do an export of the realm Delete the database Do an import of the realm Verify in the Service Accounts Roles tab in the clientRoles _section that in _realm-management : view-users and manage-users are not assigned.
    • NEW
    • NEW

    Description

      The same as these https://issues.redhat.com/browse/KEYCLOAK-8463, but it should be fixed in the version I tested.

      After successfully importing the realm and users, the roles are not assigned on the Service account roles tab.

      This is a snippet the file users to be imported. This is the service-account-admin-cli with the clientRoles _ of _realm-management. The roles view-users and manage-users are not imported.

      "users" : [ {
      "id" : "c4d4c0e7-62c9-4482-9f9c-43f5a67db3da",
      "createdTimestamp" : 1587025445241,
      "username" : "service-account-admin-cli",
      "enabled" : true,
      "totp" : false,
      "emailVerified" : false,
      "serviceAccountClientId" : "admin-cli",
      "credentials" : [ ],
      "disableableCredentialTypes" : [ ],
      "requiredActions" : [ "UPDATE_PASSWORD" ],
      "realmRoles" : [ "offline_access", "uma_authorization" ],
      "clientRoles" :

      { "realm-management" : [ "view-users", "manage-users" ], "account" : [ "view-profile", "manage-account" ] }

      ,
      "notBefore" : 0,
      "groups" : [ ]
      }, ...

      Attachments

        Issue Links

          follows up on

          Bug - A problem which impairs or prevents the functions of the product. KEYCLOAK-4923 Client Service Account Roles are not exported

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              rhn-support-rmartinc Ricardo Martin Camarero
              ikeraguayo Iker Aguayo (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: