/// <summary> /// Remove roles from the group in keycloak. /// </summary> /// <param name="group"></param> /// <param name="role"></param> /// <returns></returns> private async Task RemoveRolesFromGroupInKeycloak(KModel.GroupModel group, RoleModel role) { var removeRoles = group.RealmRoles.Where(r => !role.Claims.Select(c => c.Name).Contains(r)); foreach (var rname in removeRoles) { // Get the matching role from keycloak. var krole = await _client.HandleRequestAsync <KModel.RoleModel>(HttpMethod.Get, $"{_options.Auth.Keycloak.Admin.Authority}/roles/{rname}"); var roles = new[] { new KModel.RoleModel() { Id = krole.Id, Name = krole.Name, Composite = false, ClientRole = false, ContainerId = _options.Auth.Keycloak.Realm, Description = krole.Description } }; // Update the group in keycloak. var response = await _client.SendJsonAsync($"{_options.Auth.Keycloak.Admin.Authority}/groups/{group.Id}/role-mappings/realm", HttpMethod.Delete, roles); if (!response.IsSuccessStatusCode) { throw new HttpClientRequestException(response, $"Failed to update the group '{role.Name}' removing role '{rname}' in keycloak"); } } }
/// <summary> /// Add a group to keycloak. /// </summary> /// <param name="role"></param> /// <returns></returns> private async Task <KModel.GroupModel> AddGroupToKeycloak(RoleModel role) { var addGroup = new KModel.GroupModel() { Name = role.Name, Path = $"/{role.Name}", RealmRoles = role.Claims.Select(c => c.Name).ToArray() }; // Add the group to keycloak and sync with PIMS. var response = await _client.SendJsonAsync($"{_options.Auth.Keycloak.Admin.Authority}/groups", HttpMethod.Post, addGroup); if (response.StatusCode == HttpStatusCode.Created) { // Get the Group Id var groups = await _client.HandleRequestAsync <IEnumerable <KModel.GroupModel> >(HttpMethod.Get, $"{_options.Auth.Keycloak.Admin.Authority}/groups?search={role.Name}"); role.KeycloakGroupId = groups.FirstOrDefault().Id; return(await GetKeycloakGroupAsync(role, false)); } else { throw new HttpClientRequestException(response, $"Failed to add the group '{role.Name}' to keycloak"); } }
/// <summary> /// Add roles to the group in keycloak. /// </summary> /// <param name="group"></param> /// <param name="role"></param> /// <returns></returns> private async Task AddRolesToGroupInKeycloak(KModel.GroupModel group, RoleModel role) { foreach (var claim in role.Claims) { // Get the matching role from keycloak. //var krole = await HandleRequestAsync<KModel.RoleModel>(HttpMethod.Get, $"{_options.Auth.Keycloak.Admin.Authority}/roles/{claim.Name}"); var roles = role.Claims.Select(c => new KModel.RoleModel() { Id = c.KeycloakRoleId.Value, Name = c.Name, Composite = false, ClientRole = false, ContainerId = _options.Auth.Keycloak.Realm, Description = c.Description }).ToArray(); // Update the group in keycloak. var response = await _client.SendJsonAsync($"{_options.Auth.Keycloak.Admin.Authority}/groups/{group.Id}/role-mappings/realm", HttpMethod.Post, roles); if (!response.IsSuccessStatusCode) { throw new HttpClientRequestException(response, $"Failed to update the group '{role.Name}' with the role '{claim.Name}' in keycloak"); } } }
/// <summary> /// Update a group in keycloak. /// </summary> /// <param name="group"></param> /// <param name="role"></param> /// <returns></returns> private async Task <KModel.GroupModel> UpdateGroupInKeycloak(KModel.GroupModel group, RoleModel role) { // Update the group in keycloak. var response = await _client.SendJsonAsync($"{_options.Auth.Keycloak.Admin.Authority}/groups/{group.Id}", HttpMethod.Put, group); if (response.IsSuccessStatusCode) { await RemoveRolesFromGroupInKeycloak(group, role); await AddRolesToGroupInKeycloak(group, role); return(await GetKeycloakGroupAsync(role, false)); } else { throw new HttpClientRequestException(response, $"Failed to update the group '{role.Name}' in keycloak"); } }