Access Management API
User, group, and role management combining a custom backend API with direct Keycloak Admin API calls.
| Field | Value |
|---|---|
| Custom API Port | 50001 (shared with Operator Catalog) |
| Keycloak Port | 8080 |
| Base Path | /api/v1 (custom), /admin/realms/{realm} (Keycloak) |
| Source | Frontend service integration |
User Management (Custom API)
| Method | Path | Description |
|---|---|---|
| GET | /api/v1/users | List users with filters |
| POST | /api/v1/users | Create user |
| GET | /api/v1/users/{id} | Get user details |
| PUT | /api/v1/users/{id} | Update user |
| DELETE | /api/v1/users/{id} | Delete user |
| POST | /api/v1/users/{id}/reset-password | Reset user password |
Keycloak Admin API
Direct calls to Keycloak for identity management. Requires an admin-level JWT.
Users
| Method | Path | Description |
|---|---|---|
| GET | /admin/realms/{realm}/users | List Keycloak users |
| POST | /admin/realms/{realm}/users | Create Keycloak user |
| GET | /admin/realms/{realm}/users/{id} | Get user |
| PUT | /admin/realms/{realm}/users/{id} | Update user |
| DELETE | /admin/realms/{realm}/users/{id} | Delete user |
Groups
| Method | Path | Description |
|---|---|---|
| GET | /admin/realms/{realm}/groups | List groups (hierarchical tree) |
| POST | /admin/realms/{realm}/groups | Create group |
| GET | /admin/realms/{realm}/groups/{id} | Get group |
| PUT | /admin/realms/{realm}/groups/{id} | Update group |
| DELETE | /admin/realms/{realm}/groups/{id} | Delete group |
Roles
| Method | Path | Description |
|---|---|---|
| GET | /admin/realms/{realm}/roles | List roles |
| POST | /admin/realms/{realm}/roles | Create role |
| GET | /admin/realms/{realm}/roles/{name} | Get role |
| PUT | /admin/realms/{realm}/roles/{name} | Update role |
Role Assignments
| Method | Path | Description |
|---|---|---|
| GET | /admin/realms/{realm}/users/{id}/role-mappings/realm | Get user's realm roles |
| POST | /admin/realms/{realm}/users/{id}/role-mappings/realm | Assign roles to user |
Keycloak Configuration
| Property | Value |
|---|---|
| Protocol | OAuth2 / OpenID Connect |
| Library | keycloak-js 26.1.0 |
| Realm | daitics-dev (dev), daitics (default) |
| Client ID | dtx-portal |
| Init Mode | login-required |
| PKCE | S256 for HTTPS, disabled for HTTP |
| Token Refresh | Every 60 seconds |
| Tenant ID | JWT tenant_id claim |
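
An added example, not part of the portal's own code: a client-side pre-flight check that combines three settings from this page, the `tenant_id` claim, the 60-second refresh interval, and the admin-level JWT the Keycloak Admin API requires. The helper names, the placeholder role `portal-admin`, and the choice of `realm_access.roles` as the role source are assumptions; the page does not say which role counts as admin-level.

```typescript
// Added example. "portal-admin" is a placeholder role name, not taken from the page.
interface AccessClaims {
  exp: number;                          // expiry, seconds since epoch
  tenant_id?: string;                   // tenant claim from the configuration table
  realm_access?: { roles?: string[] };  // Keycloak's default claim for realm roles
}

interface Preflight { ok: boolean; reason: string; tenantId?: string }

// Decode the JWT payload WITHOUT verifying the signature. Suitable for UI gating only:
// the custom API and Keycloak must still validate the token on every request.
function decodeClaims(jwt: string): AccessClaims {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  let b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  while (b64.length % 4 !== 0) b64 += "=";        // restore base64 padding
  const claims = JSON.parse(atob(b64));           // ASCII payloads only; enough for these claims
  if (claims === null || typeof claims !== "object" || typeof claims.exp !== "number") {
    throw new Error("payload has no numeric exp");
  }
  return claims as AccessClaims;
}

// Check the token before an admin call: still valid past the next refresh tick,
// carries a tenant, and holds the role the call needs.
function preflightAdminCall(jwt: string, requiredRole: string, nowSec: number,
                            minValiditySec: number = 60): Preflight {
  let claims: AccessClaims;
  try { claims = decodeClaims(jwt); } catch (e) { return { ok: false, reason: "malformed token" }; }
  if (claims.exp - nowSec < minValiditySec) return { ok: false, reason: "expires before next refresh" };
  if (typeof claims.tenant_id !== "string" || claims.tenant_id === "") {
    return { ok: false, reason: "missing tenant_id" };
  }
  const roles = (claims.realm_access && claims.realm_access.roles) || [];
  if (roles.indexOf(requiredRole) === -1) return { ok: false, reason: "missing role " + requiredRole };
  return { ok: true, reason: "ok", tenantId: claims.tenant_id };
}

// Build an unsigned token from a constructed payload so the example runs offline.
function makeSampleToken(payload: object): string {
  const enc = (o: object): string =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return enc({ alg: "none", typ: "JWT" }) + "." + enc(payload) + ".constructed";
}
```
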
Keycloak URLs
| Environment | URL |
|---|---|
| Dev | http://100.91.186.89:8080 |
| Test | http://100.110.45.41:8080 |
| Local | http://localhost:8180 |
Key Types
User
```typescript
interface User {
  id: string;
  username: string;
  email: string;
  firstName: string;
  lastName: string;
  roles: Role[];
  groups: UserGroup[];
  enabled: boolean;
}
```
Role
```typescript
interface Role {
  id: string;
  name: string;
  description: string;
  permissions: Permission[];
}
```
UserGroup (Hierarchical)
```typescript
interface UserGroup {
  id: string;
  name: string;
  path: string;
  parentId?: string;
  children: UserGroup[]; // Recursive tree
}
```
Frontend Integration
| File | Purpose |
|---|---|
| services/access-management/access-management.service.ts | User, role, group CRUD |
| services/access-management/useAccessManagement.ts | React Query hook |
| services/auth/keycloak.service.ts | Keycloak auth integration |
| types/access-management.types.ts | TypeScript types |
| stores/useAccessManagementStore.ts | Zustand filter/selection state |
| hooks/usePermissionCheck.ts | Permission checking hook |