Save user roles in Keycloak

The latest version of this integration extension is described at [batch-creation-entities-v2].
Table 1. Brief information about the delegate

Name                                 Explanation
Business name                        Save user roles
Service name                         ${keycloakSaveUserRoleConnectorDelegate}
Filename in the extensions library   keycloakSaveUserRoleConnectorDelegate.json

1. General description

This general integration extension delegate interacts with the Keycloak identity and access management service to modify user roles. The delegate is configured within service tasks in the business process using the Save user roles template.

2. Configuring the template in a business process

  1. Create a Service Task.

  2. In the Name field, specify the name of the service task.

  3. Apply the Save user roles delegate template from the available list in the catalog.

  4. In the Inputs > Roles section, provide the roles that need to be assigned to the user. For example, officer.

    In our example, a single role (officer) is passed as an array (List).

    Available variable types through which roles can be passed include:

    • List — a list/array.

    • Map — key-value pairs.

    • Script — a script.

    • String or expression — a string or expression.

    Example 1. An array of roles to assign to the user

    ['officer', 'manager1', 'manager2']

    • officer — a system role assigned to the user after registration.

    • manager1 and manager2 — can be roles in the registry regulations.

  5. Specify the username in the Keycloak system. This can be done, for example, using the JUEL function initiator():

    ${initiator().userName}

  6. Select the Keycloak realm to which the user belongs. For example, officer, when registering an officer.

    Available realm options:

    • CITIZEN — the realm where Citizens and their roles are stored.

    • OFFICER — the realm where Officers (service providers) and their roles are stored.

  7. Specify the type of roles that can be modified for the user. Available options:

    • ALL ROLES — all current roles will be replaced by the list of roles specified in the Roles section.

    • PLATFORM ROLES — current system roles assigned to the user will be replaced by the list of roles specified in the Roles section. Current regulatory/registry roles will remain unchanged.

    • REGISTRY ROLES — only the regulatory/registry roles of the user will be replaced.

    Choose the option according to the roles you pass:

    • If, when configuring the delegate, you pass an array of roles as input parameters, one of which is a system role and the other two are regulatory (e.g., officer, manager1, and manager2), then you should choose the ALL ROLES option.

    • If, when configuring the delegate, you pass a system role (e.g., officer), then you should choose the PLATFORM ROLES option.

    • If, when configuring the delegate, you pass regulatory roles (e.g., manager1 and manager2), then you should choose the REGISTRY ROLES option.
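
The effect of the three role-type options on a user's existing roles, as an added Python sketch that is not the delegate's own code and only follows the option descriptions above. The `SYSTEM_ROLES` set, the function names and the role `auditor` are assumptions made for the illustration; use it to preview which roles a service task would remove before deploying the process.

```python
from enum import Enum

class RoleType(Enum):
    ALL = "ALL ROLES"
    PLATFORM = "PLATFORM ROLES"
    REGISTRY = "REGISTRY ROLES"

# Assumption: the caller knows which role names are system (platform) roles.
# "officer" comes from the page; "auditor" is a constructed sample name.
SYSTEM_ROLES = frozenset({"officer", "auditor"})

def suggest_role_type(new_roles, system_roles=SYSTEM_ROLES):
    """Option the page recommends for the kind of roles being passed."""
    new = set(new_roles)
    if not new:
        raise ValueError("empty role list: choose the option explicitly")
    has_system = bool(new & system_roles)
    has_registry = bool(new - system_roles)
    if has_system and has_registry:
        return RoleType.ALL
    return RoleType.PLATFORM if has_system else RoleType.REGISTRY

def out_of_scope(new_roles, role_type, system_roles=SYSTEM_ROLES):
    """Roles in the input that do not belong to the chosen option's scope."""
    new = set(new_roles)
    if role_type is RoleType.PLATFORM:
        return new - system_roles
    if role_type is RoleType.REGISTRY:
        return new & system_roles
    return set()

def preview(current, new_roles, role_type, system_roles=SYSTEM_ROLES):
    """Return (resulting roles, removed roles) as the page describes each option."""
    stray = out_of_scope(new_roles, role_type, system_roles)
    if stray:
        # The page does not say what happens here, so the model refuses to guess.
        raise ValueError(f"{sorted(stray)} do not fit {role_type.value}")
    current, new = set(current), set(new_roles)
    if role_type is RoleType.ALL:
        kept = set()                     # every current role is replaced
    elif role_type is RoleType.PLATFORM:
        kept = current - system_roles    # registry roles stay unchanged
    else:
        kept = current & system_roles    # system roles stay unchanged
    result = kept | new
    return result, current - result
```

The second value returned by `preview` is the set of roles the user would lose, which is the part worth reviewing when ALL ROLES is selected.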
