RHBK Admin REST API to list Policy and Resources
Environment
- Red Hat Build of Keycloak
- 22.0.10
Issue
- Is there an API in RHBK to get information on JavaScript policy, Group policy and Aggregate policy as a list?
- Is there an API in RHBK to list resource based permissions?
Resolution
Below are the steps to get policies and resource based permissions as a list in RHBK using Admin REST API:
Prerequisite
Get the access token:
curl -d "client_id=admin-cli" -d "username=admin1" -d "password=admin1" -d "grant_type=password" "http://localhost:8080/realms/master/protocol/openid-connect/token"
REST API to list all policies from a client
Below is the endpoint to retrieve policies from a client using id "d90a46f-31a3-467c-a7ab-85940b9aabb9" which returns policies of all type including js, group, time and aggregate
curl -H "Authorization: bearer $TKN" -H 'Content-Type: application/json' 'http://localhost:8080/admin/realms/master/clients/fd90a46f-31a3-467c-a7ab-85940b9aabb9/authz/resource-server/policy' | jq
[
{
"id": "9f175717-83c7-4364-897d-7a4014e974b4",
"name": "Default Permission",
"description": "A permission that applies to the default resource type",
"type": "resource",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"defaultResourceType": "urn:test-client:resources:default"
}
},
{
"id": "0e9851c0-3668-42e5-b0ca-3db0471f7f40",
"name": "Default Policy",
"description": "A policy that grants access only for users within this realm",
"type": "js",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"config": {
"code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
}
},
{
"id": "a4e4d037-1e21-4380-a9fe-eaeb1704e80d",
"name": "syed-test-policy",
"description": "test case",
"type": "time",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"noa": "2026-05-14 00:00:00",
"nbf": "2024-05-13 00:00:00"
}
},
{
"id": "83bd1650-a627-4c5e-ad56-efacff1bebfc",
"name": "syed-test-policy-3",
"description": "test case for policy type=aggregate",
"type": "aggregate",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {}
},
{
"id": "16e69129-0b66-4c3f-84fc-16bc57651e2b",
"name": "syed-test-policy-group",
"description": "test case for policy type=group",
"type": "group",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"groups": "[{\"id\":\"a19189fe-c3c9-474d-9bee-3fc521134d30\",\"extendChildren\":false}]",
"groupsClaim": ""
}
}
]
REST API to list Resource Based Permissions from a client
Below is the endpoint to retrieve Resource Based Permission from a client using id "d90a46f-31a3-467c-a7ab-85940b9aabb9". The result from this API is from Clients -> Client details -> Authorization -> Resources
curl -H "Authorization: bearer $TKN" -H 'Content-Type: application/json' 'http://localhost:8080/admin/realms/master/clients/fd90a46f-31a3-467c-a7ab-85940b9aabb9/authz/resource-server/resource/' | jq
[
{
"name": "Default Resource",
"type": "urn:test-client:resources:default",
"owner": {
"id": "fd90a46f-31a3-467c-a7ab-85940b9aabb9",
"name": "test-client"
},
"ownerManagedAccess": false,
"attributes": {},
"_id": "8a46f841-f5cd-4507-8deb-8befeae05c05",
"uris": [
"/*"
]
},
{
"name": "test-case-resource",
"owner": {
"id": "fd90a46f-31a3-467c-a7ab-85940b9aabb9",
"name": "test-client"
},
"ownerManagedAccess": true,
"displayName": "syed-test-client-resource",
"attributes": {},
"_id": "e44fb0d0-a723-4a82-ad09-62faeb76968b",
"uris": [],
"icon_uri": ""
}
]
Root Cause
- List policies via RHBK Admin API.
- List resource based permissions via RHBK Admin API.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments