5
votes

I have an app secured by Keycloak. Going to a secured page brings up a Keycloak login page and the correct user/password gives the expected results.

Within the client, I have switched on user registration. So now the login page shows a register link, which displays another Keycloak page allowing the user to register with name, username, email.

This "works" in that the user is added to the Keycloak user database. But the application displays the error page because a role is not mapped to that user in Keycloak.

What I would like to happen is to be able to add the new user to the app's own user database, associate a role with the user, perhaps do some verification of the user.

So I don't really know what Keycloak is sending back to the app except that it eventually leads to /error. Is there a way to tell Keycloak, after a new registration, to contact a URL where things can happen within the app?

2 Answers

7
votes

I came across a similar scenario and the way I solved it was by enabling a default role for the newly added user. This role can be changed later on, but with a default role in place, your flow will complete.

There are 2 ways to assign a default role in Keycloak. With both of these configs, whenever a new user is registered, even from external service providers, they will be assigned this default role:

  1. Assign a default role directly to the user.

  2. Assign a default group to the user and map a role to that default group.

Please note that the default group and role names in the above are my own; they are not predefined in Keycloak.

0
votes

After logging in to the Keycloak admin console, go to Roles -> 'Default Roles' tab, add the role from the available section to the default realm roles section, and save. Now when a user is registered, it will have the role assigned.
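Added example, not part of the question or either answer: a Python sketch for seeing what Keycloak hands the app, reading the role claims (`realm_access.roles` and `resource_access.<client>.roles`) from an access token payload to tell why a freshly registered user ends up on the error page. The client id `my-app`, the role name `app_user` and the token contents are constructed assumptions; the decode does no signature verification and is for diagnosis only, since the adapter in the app still validates the token.

```python
import base64
import json


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed JWT-shaped string; the signature is a placeholder."""
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([_b64url(header), _b64url(claims), "sig-placeholder"])


def token_claims(token: str) -> dict:
    """Decode the payload segment for inspection. No signature check here."""
    try:
        payload = token.split(".")[1]
        padded = payload + "=" * (-len(payload) % 4)
        return json.loads(base64.urlsafe_b64decode(padded))
    except (IndexError, ValueError) as exc:
        raise ValueError("not a JWT-shaped token") from exc


def granted_roles(claims: dict, client_id: str) -> set:
    """Union of realm roles and the roles granted for one client."""
    realm = claims.get("realm_access", {}).get("roles", [])
    client = claims.get("resource_access", {}).get(client_id, {}).get("roles", [])
    return set(realm) | set(client)


def diagnose(token: str, client_id: str, required_role: str) -> str:
    roles = granted_roles(token_claims(token), client_id)
    if required_role in roles:
        return "ok"
    if not roles:
        return "no-roles"      # typical for a self-registered user, no default role
    return "missing-role"      # user has roles, but not the one the app checks


# Constructed sample tokens: before and after a default role is configured.
NEW_USER = make_sample_token({"preferred_username": "alice"})
WITH_DEFAULT = make_sample_token(
    {"preferred_username": "alice", "realm_access": {"roles": ["app_user"]}}
)

if __name__ == "__main__":
    for name, tok in (("new user", NEW_USER), ("with default role", WITH_DEFAULT)):
        print(name, "->", diagnose(tok, "my-app", "app_user"))
```

Because a default role is granted to every self-registered account, it should carry only the minimum access the app needs for a new, unverified user.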