Keycloak: how to programmatically add new subgroups with associated users?

Question

In Keycloak 8.0.1 we have a Realm with a Group and Subgroups like this:

group -
    subgroup1
    subgroup2
    ...

We need to insert a batch of subgroups and users into group. The subgroup should have some attributes.

How can I do this?

I tried:

Using an exported realm-export.json file with newly added subgroups and "Overwrite" on the import. Now I don't see how to connect the new user with the subgroup. And I am also not sure if old users will not be removed this way.
Calling the Keycloak REST API. It doesn't seem possible to UPDATE a group and add subgroups. Documentation says:

PUT /{realm}/groups/{id}
Update group, ignores subgroups.

Now I am looking at using a UI testing tool to add the user programmatically, but this seems needlessly complex.

Is it possible to programmatically add new subgroups with users associated to that subgroup? Am I missing something with the REST API call or the import functionality? Is there maybe another way via for example the Java Admin Client?

score 3 · Accepted Answer · answered Jan 23 '20 at 23:06

You can create groups and subgroups under it , Here is the sample code to create subgroups using Admin Client. You can also associate users to those groups

 public void addSubgroups()  {
            RealmResource realm =keycloak.realm("myrealm");
            GroupRepresentation topGroup = new GroupRepresentation();
            topGroup.setName("group");
            topGroup = createGroup(realm, topGroup);

            createSubGroup(realm,topGroup.getId(),"subgroup1");
            createSubGroup(realm,topGroup.getId(),"subgroup2");
        }

       private void createSubGroup(RealmResource realm, String parentGroupId, String subGroupName) {
           GroupRepresentation subgroup = new GroupRepresentation();
             subgroup.setName(subGroupName);
           try (Response response = realm.groups().group(parentGroupId).subGroup(subgroup)){
                if (response.getStatusInfo().getFamily() == Family.SUCCESSFUL) {
                    System.out.println("Created Subgroup : " + subGroupName );
                } else {
                    logger.severe("Error Creating Subgroup : " + subGroupName + ", Error Message : " + getErrorMessage(response));
                }
            } 
       }

       private GroupRepresentation createGroup(RealmResource realm, GroupRepresentation group) {
            try (Response response = realm.groups().add(group)) {
                String groupId = getCreatedId(response);           
                group.setId(groupId);
                return group;
            }
        }

Thank you. I see the `createSubGroup` method here can add subgroups based on the `parentGroupId`. :) — user2609980, Jan 24 '20 at 08:49
This works: `GroupRepresentation subGroup : latestTopGroup.getSubGroups(); realm.users().get(userId).joinGroup(subGroup.getId());`. — user2609980, Jan 24 '20 at 12:36

score 1 · Answer 2 · edited Sep 07 '22 at 07:26

1

getCreatedId(response);

This method in above answer (by ravthiru) is belongs to CreatedResponseUtil from package (org.keycloak.admin.client)

CreatedResponseUtil.getCreatedId(response);

edited Sep 07 '22 at 07:26

Procrastinator

2,526
30
27
36

answered Sep 02 '22 at 11:47

Mahesh solanki

21
3

Keycloak: how to programmatically add new subgroups with associated users?

2 Answers2

Linked