0
# Identity Management
1
2
Extensive data transfer objects for user management, realm configuration, client settings, roles, groups, and authorization policies. These representations form the core of Keycloak's identity and access management API.
3
4
## Capabilities
5
6
### User Management
7
8
User representation and management with comprehensive profile and security attributes.
9
10
```java { .api }
11
/**
12
* User entity representation with profile and security information
13
*/
14
public class UserRepresentation extends AbstractUserRepresentation {
15
/**
16
* Get the user ID
17
* @return User identifier
18
*/
19
public String getId();
20
21
/**
22
* Set the user ID
23
* @param id User identifier
24
*/
25
public void setId(String id);
26
27
/**
28
* Get the username
29
* @return Username
30
*/
31
public String getUsername();
32
33
/**
34
* Set the username
35
* @param username Username
36
*/
37
public void setUsername(String username);
38
39
/**
40
* Get the email address
41
* @return Email address
42
*/
43
public String getEmail();
44
45
/**
46
* Set the email address
47
* @param email Email address
48
*/
49
public void setEmail(String email);
50
51
/**
52
* Get the first name
53
* @return First name
54
*/
55
public String getFirstName();
56
57
/**
58
* Set the first name
59
* @param firstName First name
60
*/
61
public void setFirstName(String firstName);
62
63
/**
64
* Get the last name
65
* @return Last name
66
*/
67
public String getLastName();
68
69
/**
70
* Set the last name
71
* @param lastName Last name
72
*/
73
public void setLastName(String lastName);
74
75
/**
76
* Check if user is enabled
77
* @return true if user is enabled
78
*/
79
public Boolean isEnabled();
80
81
/**
82
* Set user enabled status
83
* @param enabled Enabled status
84
*/
85
public void setEnabled(Boolean enabled);
86
87
/**
88
* Check if email is verified
89
* @return true if email is verified
90
*/
91
public Boolean isEmailVerified();
92
93
/**
94
* Set email verification status
95
* @param emailVerified Email verification status
96
*/
97
public void setEmailVerified(Boolean emailVerified);
98
99
/**
100
* Get the creation timestamp
101
* @return Creation timestamp in milliseconds
102
*/
103
public Long getCreatedTimestamp();
104
105
/**
106
* Set the creation timestamp
107
* @param createdTimestamp Creation timestamp in milliseconds
108
*/
109
public void setCreatedTimestamp(Long createdTimestamp);
110
111
/**
112
* Get user credentials
113
* @return List of credential representations
114
*/
115
public List<CredentialRepresentation> getCredentials();
116
117
/**
118
* Set user credentials
119
* @param credentials List of credential representations
120
*/
121
public void setCredentials(List<CredentialRepresentation> credentials);
122
123
/**
124
* Get required actions
125
* @return List of required action names
126
*/
127
public List<String> getRequiredActions();
128
129
/**
130
* Set required actions
131
* @param requiredActions List of required action names
132
*/
133
public void setRequiredActions(List<String> requiredActions);
134
135
/**
136
* Get user groups
137
* @return List of group paths
138
*/
139
public List<String> getGroups();
140
141
/**
142
* Set user groups
143
* @param groups List of group paths
144
*/
145
public void setGroups(List<String> groups);
146
147
/**
148
* Get realm roles
149
* @return List of realm role names
150
*/
151
public List<String> getRealmRoles();
152
153
/**
154
* Set realm roles
155
* @param realmRoles List of realm role names
156
*/
157
public void setRealmRoles(List<String> realmRoles);
158
159
/**
160
* Get client roles mapping
161
* @return Map of client ID to role names
162
*/
163
public Map<String, List<String>> getClientRoles();
164
165
/**
166
* Set client roles mapping
167
* @param clientRoles Map of client ID to role names
168
*/
169
public void setClientRoles(Map<String, List<String>> clientRoles);
170
171
/**
172
* Get federated identities
173
* @return List of federated identity representations
174
*/
175
public List<FederatedIdentityRepresentation> getFederatedIdentities();
176
177
/**
178
* Set federated identities
179
* @param federatedIdentities List of federated identity representations
180
*/
181
public void setFederatedIdentities(List<FederatedIdentityRepresentation> federatedIdentities);
182
183
/**
184
* Get user attributes
185
* @return Map of attribute names to values
186
*/
187
public Map<String, List<String>> getAttributes();
188
189
/**
190
* Set user attributes
191
* @param attributes Map of attribute names to values
192
*/
193
public void setAttributes(Map<String, List<String>> attributes);
194
195
/**
196
* Get single attribute value
197
* @param name Attribute name
198
* @return First attribute value or null
199
*/
200
public String singleAttribute(String name);
201
202
/**
203
* Get the not-before timestamp for invalidating sessions
204
* @return Not-before timestamp
205
*/
206
public Integer getNotBefore();
207
208
/**
209
* Set the not-before timestamp
210
* @param notBefore Not-before timestamp
211
*/
212
public void setNotBefore(Integer notBefore);
213
214
/**
215
* Get user consents
216
* @return List of user consent representations
217
*/
218
public List<UserConsentRepresentation> getConsents();
219
220
/**
221
* Set user consents
222
* @param consents List of user consent representations
223
*/
224
public void setConsents(List<UserConsentRepresentation> consents);
225
226
/**
227
* Get service account client ID (for service accounts)
228
* @return Client ID or null
229
*/
230
public String getServiceAccountClientId();
231
232
/**
233
* Set service account client ID
234
* @param serviceAccountClientId Client ID
235
*/
236
public void setServiceAccountClientId(String serviceAccountClientId);
237
}
238
239
/**
240
* Abstract base user representation
241
*/
242
public abstract class AbstractUserRepresentation {
243
/**
244
* Get the origin (for federated users)
245
* @return Origin identifier
246
*/
247
public String getOrigin();
248
249
/**
250
* Set the origin
251
* @param origin Origin identifier
252
*/
253
public void setOrigin(String origin);
254
255
/**
256
* Get the self link URL
257
* @return Self link URL
258
*/
259
public String getSelf();
260
261
/**
262
* Set the self link URL
263
* @param self Self link URL
264
*/
265
public void setSelf(String self);
266
}
267
```
268
269
### Realm Management
270
271
Realm configuration and settings representation.
272
273
```java { .api }
274
/**
275
* Realm configuration representation
276
*/
277
public class RealmRepresentation {
278
/**
279
* Get the realm ID
280
* @return Realm identifier
281
*/
282
public String getId();
283
284
/**
285
* Set the realm ID
286
* @param id Realm identifier
287
*/
288
public void setId(String id);
289
290
/**
291
* Get the realm name
292
* @return Realm name
293
*/
294
public String getRealm();
295
296
/**
297
* Set the realm name
298
* @param realm Realm name
299
*/
300
public void setRealm(String realm);
301
302
/**
303
* Get the display name
304
* @return Display name
305
*/
306
public String getDisplayName();
307
308
/**
309
* Set the display name
310
* @param displayName Display name
311
*/
312
public void setDisplayName(String displayName);
313
314
/**
315
* Get the display name for HTML contexts
316
* @return HTML display name
317
*/
318
public String getDisplayNameHtml();
319
320
/**
321
* Set the HTML display name
322
* @param displayNameHtml HTML display name
323
*/
324
public void setDisplayNameHtml(String displayNameHtml);
325
326
/**
327
* Check if realm is enabled
328
* @return true if enabled
329
*/
330
public Boolean isEnabled();
331
332
/**
333
* Set realm enabled status
334
* @param enabled Enabled status
335
*/
336
public void setEnabled(Boolean enabled);
337
338
/**
339
* Check if user registration is allowed
340
* @return true if registration allowed
341
*/
342
public Boolean isRegistrationAllowed();
343
344
/**
345
* Set registration allowed flag
346
* @param registrationAllowed Registration allowed flag
347
*/
348
public void setRegistrationAllowed(Boolean registrationAllowed);
349
350
/**
351
* Check if email as username is enabled
352
* @return true if email as username
353
*/
354
public Boolean isRegistrationEmailAsUsername();
355
356
/**
357
* Set email as username flag
358
* @param registrationEmailAsUsername Email as username flag
359
*/
360
public void setRegistrationEmailAsUsername(Boolean registrationEmailAsUsername);
361
362
/**
363
* Check if email verification is required
364
* @return true if verification required
365
*/
366
public Boolean isVerifyEmail();
367
368
/**
369
* Set email verification required flag
370
* @param verifyEmail Email verification flag
371
*/
372
public void setVerifyEmail(Boolean verifyEmail);
373
374
/**
375
* Check if login with email is enabled
376
* @return true if login with email enabled
377
*/
378
public Boolean isLoginWithEmailAllowed();
379
380
/**
381
* Set login with email flag
382
* @param loginWithEmailAllowed Login with email flag
383
*/
384
public void setLoginWithEmailAllowed(Boolean loginWithEmailAllowed);
385
386
/**
387
* Check if duplicate emails are allowed
388
* @return true if duplicate emails allowed
389
*/
390
public Boolean isDuplicateEmailsAllowed();
391
392
/**
393
* Set duplicate emails allowed flag
394
* @param duplicateEmailsAllowed Duplicate emails flag
395
*/
396
public void setDuplicateEmailsAllowed(Boolean duplicateEmailsAllowed);
397
398
/**
399
* Check if "remember me" is enabled
400
* @return true if remember me enabled
401
*/
402
public Boolean isRememberMe();
403
404
/**
405
* Set remember me flag
406
* @param rememberMe Remember me flag
407
*/
408
public void setRememberMe(Boolean rememberMe);
409
410
/**
411
* Check if edit username is allowed
412
* @return true if edit username allowed
413
*/
414
public Boolean isEditUsernameAllowed();
415
416
/**
417
* Set edit username allowed flag
418
* @param editUsernameAllowed Edit username flag
419
*/
420
public void setEditUsernameAllowed(Boolean editUsernameAllowed);
421
422
/**
423
* Check if reset password is allowed
424
* @return true if reset password allowed
425
*/
426
public Boolean isResetPasswordAllowed();
427
428
/**
429
* Set reset password allowed flag
430
* @param resetPasswordAllowed Reset password flag
431
*/
432
public void setResetPasswordAllowed(Boolean resetPasswordAllowed);
433
434
/**
435
* Get SSL required setting
436
* @return SSL required setting (none, external, all)
437
*/
438
public String getSslRequired();
439
440
/**
441
* Set SSL required setting
442
* @param sslRequired SSL required setting
443
*/
444
public void setSslRequired(String sslRequired);
445
446
/**
447
* Get password policy
448
* @return Password policy string
449
*/
450
public String getPasswordPolicy();
451
452
/**
453
* Set password policy
454
* @param passwordPolicy Password policy string
455
*/
456
public void setPasswordPolicy(String passwordPolicy);
457
458
/**
459
* Get OTP policy
460
* @return OTP policy representation
461
*/
462
public String getOtpPolicyType();
463
464
/**
465
* Set OTP policy type
466
* @param otpPolicyType OTP policy type
467
*/
468
public void setOtpPolicyType(String otpPolicyType);
469
470
/**
471
* Get users in the realm
472
* @return List of user representations
473
*/
474
public List<UserRepresentation> getUsers();
475
476
/**
477
* Set users in the realm
478
* @param users List of user representations
479
*/
480
public void setUsers(List<UserRepresentation> users);
481
482
/**
483
* Get clients in the realm
484
* @return List of client representations
485
*/
486
public List<ClientRepresentation> getClients();
487
488
/**
489
* Set clients in the realm
490
* @param clients List of client representations
491
*/
492
public void setClients(List<ClientRepresentation> clients);
493
494
/**
495
* Get roles in the realm
496
* @return Roles representation
497
*/
498
public RolesRepresentation getRoles();
499
500
/**
501
* Set roles in the realm
502
* @param roles Roles representation
503
*/
504
public void setRoles(RolesRepresentation roles);
505
506
/**
507
* Get groups in the realm
508
* @return List of group representations
509
*/
510
public List<GroupRepresentation> getGroups();
511
512
/**
513
* Set groups in the realm
514
* @param groups List of group representations
515
*/
516
public void setGroups(List<GroupRepresentation> groups);
517
518
/**
519
* Get default roles
520
* @return List of default role names
521
*/
522
public List<String> getDefaultRoles();
523
524
/**
525
* Set default roles
526
* @param defaultRoles List of default role names
527
*/
528
public void setDefaultRoles(List<String> defaultRoles);
529
530
/**
531
* Get required credentials
532
* @return List of required credential types
533
*/
534
public List<String> getRequiredCredentials();
535
536
/**
537
* Set required credentials
538
* @param requiredCredentials List of required credential types
539
*/
540
public void setRequiredCredentials(List<String> requiredCredentials);
541
542
/**
543
* Get custom attributes
544
* @return Map of custom attributes
545
*/
546
public Map<String, Object> getAttributes();
547
548
/**
549
* Set custom attributes
550
* @param attributes Map of custom attributes
551
*/
552
public void setAttributes(Map<String, Object> attributes);
553
}
554
```
555
556
### Client Management
557
558
OAuth2/OIDC client configuration representation.
559
560
```java { .api }
561
/**
562
* OAuth2/OIDC client configuration representation
563
*/
564
public class ClientRepresentation {
565
/**
566
* Get the client ID
567
* @return Client identifier
568
*/
569
public String getId();
570
571
/**
572
* Set the client ID
573
* @param id Client identifier
574
*/
575
public void setId(String id);
576
577
/**
578
* Get the client identifier (clientId)
579
* @return Client identifier
580
*/
581
public String getClientId();
582
583
/**
584
* Set the client identifier
585
* @param clientId Client identifier
586
*/
587
public void setClientId(String clientId);
588
589
/**
590
* Get the client name
591
* @return Client name
592
*/
593
public String getName();
594
595
/**
596
* Set the client name
597
* @param name Client name
598
*/
599
public void setName(String name);
600
601
/**
602
* Get the client description
603
* @return Client description
604
*/
605
public String getDescription();
606
607
/**
608
* Set the client description
609
* @param description Client description
610
*/
611
public void setDescription(String description);
612
613
/**
614
* Get the root URL
615
* @return Root URL
616
*/
617
public String getRootUrl();
618
619
/**
620
* Set the root URL
621
* @param rootUrl Root URL
622
*/
623
public void setRootUrl(String rootUrl);
624
625
/**
626
* Get the admin URL
627
* @return Admin URL
628
*/
629
public String getAdminUrl();
630
631
/**
632
* Set the admin URL
633
* @param adminUrl Admin URL
634
*/
635
public void setAdminUrl(String adminUrl);
636
637
/**
638
* Get the base URL
639
* @return Base URL
640
*/
641
public String getBaseUrl();
642
643
/**
644
* Set the base URL
645
* @param baseUrl Base URL
646
*/
647
public void setBaseUrl(String baseUrl);
648
649
/**
650
* Check if client is enabled
651
* @return true if enabled
652
*/
653
public Boolean isEnabled();
654
655
/**
656
* Set client enabled status
657
* @param enabled Enabled status
658
*/
659
public void setEnabled(Boolean enabled);
660
661
/**
662
* Check if always display in console
663
* @return true if always display
664
*/
665
public Boolean isAlwaysDisplayInConsole();
666
667
/**
668
* Set always display in console flag
669
* @param alwaysDisplayInConsole Always display flag
670
*/
671
public void setAlwaysDisplayInConsole(Boolean alwaysDisplayInConsole);
672
673
/**
674
* Get client authenticator type
675
* @return Authenticator type
676
*/
677
public String getClientAuthenticatorType();
678
679
/**
680
* Set client authenticator type
681
* @param clientAuthenticatorType Authenticator type
682
*/
683
public void setClientAuthenticatorType(String clientAuthenticatorType);
684
685
/**
686
* Get valid redirect URIs
687
* @return List of valid redirect URIs
688
*/
689
public List<String> getRedirectUris();
690
691
/**
692
* Set valid redirect URIs
693
* @param redirectUris List of valid redirect URIs
694
*/
695
public void setRedirectUris(List<String> redirectUris);
696
697
/**
698
* Get web origins
699
* @return List of web origins for CORS
700
*/
701
public List<String> getWebOrigins();
702
703
/**
704
* Set web origins
705
* @param webOrigins List of web origins for CORS
706
*/
707
public void setWebOrigins(List<String> webOrigins);
708
709
/**
710
* Get not-before timestamp
711
* @return Not-before timestamp
712
*/
713
public Integer getNotBefore();
714
715
/**
716
* Set not-before timestamp
717
* @param notBefore Not-before timestamp
718
*/
719
public void setNotBefore(Integer notBefore);
720
721
/**
722
* Check if bearer-only client
723
* @return true if bearer-only
724
*/
725
public Boolean isBearerOnly();
726
727
/**
728
* Set bearer-only flag
729
* @param bearerOnly Bearer-only flag
730
*/
731
public void setBearerOnly(Boolean bearerOnly);
732
733
/**
734
* Check if consent required
735
* @return true if consent required
736
*/
737
public Boolean isConsentRequired();
738
739
/**
740
* Set consent required flag
741
* @param consentRequired Consent required flag
742
*/
743
public void setConsentRequired(Boolean consentRequired);
744
745
/**
746
* Check if standard flow enabled
747
* @return true if standard flow enabled
748
*/
749
public Boolean isStandardFlowEnabled();
750
751
/**
752
* Set standard flow enabled flag
753
* @param standardFlowEnabled Standard flow flag
754
*/
755
public void setStandardFlowEnabled(Boolean standardFlowEnabled);
756
757
/**
758
* Check if implicit flow enabled
759
* @return true if implicit flow enabled
760
*/
761
public Boolean isImplicitFlowEnabled();
762
763
/**
764
* Set implicit flow enabled flag
765
* @param implicitFlowEnabled Implicit flow flag
766
*/
767
public void setImplicitFlowEnabled(Boolean implicitFlowEnabled);
768
769
/**
770
* Check if direct access grants enabled
771
* @return true if direct access grants enabled
772
*/
773
public Boolean isDirectAccessGrantsEnabled();
774
775
/**
776
* Set direct access grants enabled flag
777
* @param directAccessGrantsEnabled Direct access grants flag
778
*/
779
public void setDirectAccessGrantsEnabled(Boolean directAccessGrantsEnabled);
780
781
/**
782
* Check if service accounts enabled
783
* @return true if service accounts enabled
784
*/
785
public Boolean isServiceAccountsEnabled();
786
787
/**
788
* Set service accounts enabled flag
789
* @param serviceAccountsEnabled Service accounts flag
790
*/
791
public void setServiceAccountsEnabled(Boolean serviceAccountsEnabled);
792
793
/**
794
* Check if public client
795
* @return true if public client
796
*/
797
public Boolean isPublicClient();
798
799
/**
800
* Set public client flag
801
* @param publicClient Public client flag
802
*/
803
public void setPublicClient(Boolean publicClient);
804
805
/**
806
* Check if frontchannel logout
807
* @return true if frontchannel logout
808
*/
809
public Boolean isFrontchannelLogout();
810
811
/**
812
* Set frontchannel logout flag
813
* @param frontchannelLogout Frontchannel logout flag
814
*/
815
public void setFrontchannelLogout(Boolean frontchannelLogout);
816
817
/**
818
* Get the protocol (openid-connect, saml, etc.)
819
* @return Protocol name
820
*/
821
public String getProtocol();
822
823
/**
824
* Set the protocol
825
* @param protocol Protocol name
826
*/
827
public void setProtocol(String protocol);
828
829
/**
830
* Get client attributes
831
* @return Map of client attributes
832
*/
833
public Map<String, String> getAttributes();
834
835
/**
836
* Set client attributes
837
* @param attributes Map of client attributes
838
*/
839
public void setAttributes(Map<String, String> attributes);
840
841
/**
842
* Get authentication flow bindings
843
* @return Map of flow bindings
844
*/
845
public Map<String, String> getAuthenticationFlowBindingOverrides();
846
847
/**
848
* Set authentication flow bindings
849
* @param authenticationFlowBindingOverrides Map of flow bindings
850
*/
851
public void setAuthenticationFlowBindingOverrides(Map<String, String> authenticationFlowBindingOverrides);
852
853
/**
854
* Get full scope allowed flag
855
* @return true if full scope allowed
856
*/
857
public Boolean isFullScopeAllowed();
858
859
/**
860
* Set full scope allowed flag
861
* @param fullScopeAllowed Full scope allowed flag
862
*/
863
public void setFullScopeAllowed(Boolean fullScopeAllowed);
864
865
/**
866
* Get node re-registration timeout
867
* @return Timeout in seconds
868
*/
869
public Integer getNodeReRegistrationTimeout();
870
871
/**
872
* Set node re-registration timeout
873
* @param nodeReRegistrationTimeout Timeout in seconds
874
*/
875
public void setNodeReRegistrationTimeout(Integer nodeReRegistrationTimeout);
876
877
/**
878
* Get registered nodes
879
* @return Map of registered nodes
880
*/
881
public Map<String, Integer> getRegisteredNodes();
882
883
/**
884
* Set registered nodes
885
* @param registeredNodes Map of registered nodes
886
*/
887
public void setRegisteredNodes(Map<String, Integer> registeredNodes);
888
889
/**
890
* Get protocol mappers
891
* @return List of protocol mapper representations
892
*/
893
public List<ProtocolMapperRepresentation> getProtocolMappers();
894
895
/**
896
* Set protocol mappers
897
* @param protocolMappers List of protocol mapper representations
898
*/
899
public void setProtocolMappers(List<ProtocolMapperRepresentation> protocolMappers);
900
901
/**
902
* Get client scopes
903
* @return List of client scope names
904
*/
905
public List<String> getDefaultClientScopes();
906
907
/**
908
* Set default client scopes
909
* @param defaultClientScopes List of client scope names
910
*/
911
public void setDefaultClientScopes(List<String> defaultClientScopes);
912
913
/**
914
* Get optional client scopes
915
* @return List of optional client scope names
916
*/
917
public List<String> getOptionalClientScopes();
918
919
/**
920
* Set optional client scopes
921
* @param optionalClientScopes List of optional client scope names
922
*/
923
public void setOptionalClientScopes(List<String> optionalClientScopes);
924
925
/**
926
* Get access settings
927
* @return Access settings map
928
*/
929
public Map<String, Boolean> getAccess();
930
931
/**
932
* Set access settings
933
* @param access Access settings map
934
*/
935
public void setAccess(Map<String, Boolean> access);
936
}
937
```
938
939
### Role Management
940
941
Role representation and role mapping functionality.
942
943
```java { .api }
944
/**
945
* Role representation
946
*/
947
public class RoleRepresentation {
948
/**
949
* Get the role ID
950
* @return Role identifier
951
*/
952
public String getId();
953
954
/**
955
* Set the role ID
956
* @param id Role identifier
957
*/
958
public void setId(String id);
959
960
/**
961
* Get the role name
962
* @return Role name
963
*/
964
public String getName();
965
966
/**
967
* Set the role name
968
* @param name Role name
969
*/
970
public void setName(String name);
971
972
/**
973
* Get the role description
974
* @return Role description
975
*/
976
public String getDescription();
977
978
/**
979
* Set the role description
980
* @param description Role description
981
*/
982
public void setDescription(String description);
983
984
/**
985
* Check if role is composite
986
* @return true if composite role
987
*/
988
public Boolean isComposite();
989
990
/**
991
* Set composite role flag
992
* @param composite Composite role flag
993
*/
994
public void setComposite(Boolean composite);
995
996
/**
997
* Check if client role
998
* @return true if client role
999
*/
1000
public Boolean isClientRole();
1001
1002
/**
1003
* Set client role flag
1004
* @param clientRole Client role flag
1005
*/
1006
public void setClientRole(Boolean clientRole);
1007
1008
/**
1009
* Get the container ID (realm or client)
1010
* @return Container identifier
1011
*/
1012
public String getContainerId();
1013
1014
/**
1015
* Set the container ID
1016
* @param containerId Container identifier
1017
*/
1018
public void setContainerId(String containerId);
1019
1020
/**
1021
* Get composite role details
1022
* @return Composite role representation
1023
*/
1024
public RoleRepresentation.Composites getComposites();
1025
1026
/**
1027
* Set composite role details
1028
* @param composites Composite role representation
1029
*/
1030
public void setComposites(RoleRepresentation.Composites composites);
1031
1032
/**
1033
* Get role attributes
1034
* @return Map of role attributes
1035
*/
1036
public Map<String, List<String>> getAttributes();
1037
1038
/**
1039
* Set role attributes
1040
* @param attributes Map of role attributes
1041
*/
1042
public void setAttributes(Map<String, List<String>> attributes);
1043
1044
/**
1045
* Composite role information
1046
*/
1047
public static class Composites {
1048
/**
1049
* Get realm composite roles
1050
* @return List of realm role names
1051
*/
1052
public List<String> getRealm();
1053
1054
/**
1055
* Set realm composite roles
1056
* @param realm List of realm role names
1057
*/
1058
public void setRealm(List<String> realm);
1059
1060
/**
1061
* Get client composite roles
1062
* @return Map of client ID to role names
1063
*/
1064
public Map<String, List<String>> getClient();
1065
1066
/**
1067
* Set client composite roles
1068
* @param client Map of client ID to role names
1069
*/
1070
public void setClient(Map<String, List<String>> client);
1071
}
1072
}
1073
1074
/**
1075
* Roles container representation
1076
*/
1077
public class RolesRepresentation {
1078
/**
1079
* Get realm roles
1080
* @return List of realm role representations
1081
*/
1082
public List<RoleRepresentation> getRealm();
1083
1084
/**
1085
* Set realm roles
1086
* @param realm List of realm role representations
1087
*/
1088
public void setRealm(List<RoleRepresentation> realm);
1089
1090
/**
1091
* Get client roles
1092
* @return Map of client ID to role representations
1093
*/
1094
public Map<String, List<RoleRepresentation>> getClient();
1095
1096
/**
1097
* Set client roles
1098
* @param client Map of client ID to role representations
1099
*/
1100
public void setClient(Map<String, List<RoleRepresentation>> client);
1101
}
1102
```
1103
1104
### Group Management
1105
1106
Group representation with hierarchical structure support.
1107
1108
```java { .api }
1109
/**
1110
* Group representation with hierarchical structure
1111
*/
1112
public class GroupRepresentation {
1113
/**
1114
* Get the group ID
1115
* @return Group identifier
1116
*/
1117
public String getId();
1118
1119
/**
1120
* Set the group ID
1121
* @param id Group identifier
1122
*/
1123
public void setId(String id);
1124
1125
/**
1126
* Get the group name
1127
* @return Group name
1128
*/
1129
public String getName();
1130
1131
/**
1132
* Set the group name
1133
* @param name Group name
1134
*/
1135
public void setName(String name);
1136
1137
/**
1138
* Get the group path
1139
* @return Full group path
1140
*/
1141
public String getPath();
1142
1143
/**
1144
* Set the group path
1145
* @param path Full group path
1146
*/
1147
public void setPath(String path);
1148
1149
/**
1150
* Get group attributes
1151
* @return Map of group attributes
1152
*/
1153
public Map<String, List<String>> getAttributes();
1154
1155
/**
1156
* Set group attributes
1157
* @param attributes Map of group attributes
1158
*/
1159
public void setAttributes(Map<String, List<String>> attributes);
1160
1161
/**
1162
* Get realm roles
1163
* @return List of realm role names
1164
*/
1165
public List<String> getRealmRoles();
1166
1167
/**
1168
* Set realm roles
1169
* @param realmRoles List of realm role names
1170
*/
1171
public void setRealmRoles(List<String> realmRoles);
1172
1173
/**
1174
* Get client roles
1175
* @return Map of client ID to role names
1176
*/
1177
public Map<String, List<String>> getClientRoles();
1178
1179
/**
1180
* Set client roles
1181
* @param clientRoles Map of client ID to role names
1182
*/
1183
public void setClientRoles(Map<String, List<String>> clientRoles);
1184
1185
/**
1186
* Get subgroups
1187
* @return List of subgroup representations
1188
*/
1189
public List<GroupRepresentation> getSubGroups();
1190
1191
/**
1192
* Set subgroups
1193
* @param subGroups List of subgroup representations
1194
*/
1195
public void setSubGroups(List<GroupRepresentation> subGroups);
1196
1197
/**
1198
* Get access settings
1199
* @return Access settings map
1200
*/
1201
public Map<String, Boolean> getAccess();
1202
1203
/**
1204
* Set access settings
1205
* @param access Access settings map
1206
*/
1207
public void setAccess(Map<String, Boolean> access);
1208
}
1209
```
1210
1211
## Usage Examples
1212
1213
```java
1214
import org.keycloak.representations.idm.*;
1215
import java.util.*;
1216
1217
// Create user representation
1218
UserRepresentation user = new UserRepresentation();
1219
user.setUsername("john.doe");
1220
user.setEmail("john.doe@example.com");
1221
user.setFirstName("John");
1222
user.setLastName("Doe");
1223
user.setEnabled(true);
1224
user.setEmailVerified(true);
1225
1226
// Set user attributes
1227
Map<String, List<String>> attributes = new HashMap<>();
1228
attributes.put("department", Arrays.asList("Engineering"));
1229
attributes.put("location", Arrays.asList("New York"));
1230
user.setAttributes(attributes);
1231
1232
// Set user roles
1233
user.setRealmRoles(Arrays.asList("user", "developer"));
1234
Map<String, List<String>> clientRoles = new HashMap<>();
1235
clientRoles.put("my-app", Arrays.asList("app-user", "viewer"));
1236
user.setClientRoles(clientRoles);
1237
1238
// Set user groups
1239
user.setGroups(Arrays.asList("/Engineering", "/Engineering/Backend"));
1240
1241
// Create realm representation
1242
RealmRepresentation realm = new RealmRepresentation();
1243
realm.setRealm("my-company");
1244
realm.setDisplayName("My Company");
1245
realm.setEnabled(true);
1246
realm.setRegistrationAllowed(true);
1247
realm.setVerifyEmail(true);
1248
realm.setLoginWithEmailAllowed(true);
1249
realm.setPasswordPolicy("length(8) and digits(1) and lowerCase(1) and upperCase(1)");
1250
1251
// Create client representation
1252
ClientRepresentation client = new ClientRepresentation();
1253
client.setClientId("my-web-app");
1254
client.setName("My Web Application");
1255
client.setEnabled(true);
1256
client.setPublicClient(false);
1257
client.setStandardFlowEnabled(true);
1258
client.setDirectAccessGrantsEnabled(true);
1259
client.setServiceAccountsEnabled(true);
1260
1261
// Set client URLs
1262
client.setRootUrl("https://myapp.example.com");
1263
client.setRedirectUris(Arrays.asList("https://myapp.example.com/auth/callback"));
1264
client.setWebOrigins(Arrays.asList("https://myapp.example.com"));
1265
1266
// Set client attributes
1267
Map<String, String> clientAttributes = new HashMap<>();
1268
clientAttributes.put("access.token.lifespan", "300");
1269
clientAttributes.put("client.session.idle.timeout", "1800");
1270
client.setAttributes(clientAttributes);
1271
1272
// Create role representations
1273
RoleRepresentation adminRole = new RoleRepresentation();
1274
adminRole.setName("admin");
1275
adminRole.setDescription("Administrator role");
1276
adminRole.setComposite(false);
1277
1278
RoleRepresentation userRole = new RoleRepresentation();
1279
userRole.setName("user");
1280
userRole.setDescription("Standard user role");
1281
userRole.setComposite(false);
1282
1283
// Create group representation with hierarchy
1284
GroupRepresentation engineeringGroup = new GroupRepresentation();
1285
engineeringGroup.setName("Engineering");
1286
engineeringGroup.setPath("/Engineering");
1287
1288
GroupRepresentation backendGroup = new GroupRepresentation();
1289
backendGroup.setName("Backend");
1290
backendGroup.setPath("/Engineering/Backend");
1291
1292
engineeringGroup.setSubGroups(Arrays.asList(backendGroup));
1293
1294
// Set group roles
1295
engineeringGroup.setRealmRoles(Arrays.asList("developer"));
1296
Map<String, List<String>> groupClientRoles = new HashMap<>();
1297
groupClientRoles.put("my-web-app", Arrays.asList("app-developer"));
1298
engineeringGroup.setClientRoles(groupClientRoles);
1299
```