GET request : auth/realms/:realm/users/:userId/orgs/:orgId/roles fails with 404

[AliakseiPaseishviliSyntheticabio]

Steps to reproduce:

1. One admin keycloak.
2. Add organization.
3. Add member to org.
4. Assign role to member.

See next error:

[xgp]

@AliakseiPaseishviliSyntheticabio thanks for the report.

Hard to see what you're actually GETing from that screenshot, but the following path format should work: /{relativePath}/realms/{realm}/users/{userId}/orgs/{orgId}/roles

E.g. I just tested locally with http://localhost:8080/realms/test/users/5e2d2caa-f383-49d8-924b-bf4140ca429d/orgs/fdcbb2f4-e133-4474-a057-ec918e2cb180/roles and didn't have a problem.

If you're still seeing the issue, please post a video with the full steps you are taking, and a HAR file so we can see what's going on.

[Kindrat]

Actually doing the same programmatically via java admin client with same result. Plugin version 0.75, client version 0.1.10, Keycloak 24.0.4

Keycloak log

025-01-06 01:47:44,519 DEBUG [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-26) Error response 404: jakarta.ws.rs.WebApplicationException: HTTP 404 Not Found 2025-01-06T01:47:44.519510145Z at org.jboss.resteasy.reactive.server.handlers.ResourceLocatorHandler.handle(ResourceLocatorHandler.java:79) 2025-01-06T01:47:44.519518962Z at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:150) 2025-01-06T01:47:44.519527838Z at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147) 2025-01-06T01:47:44.519536394Z at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582) 2025-01-06T01:47:44.519545532Z at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513) 2025-01-06T01:47:44.519553857Z at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538) 2025-01-06T01:47:44.519562193Z at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29) 2025-01-06T01:47:44.519570939Z at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29) 2025-01-06T01:47:44.519593762Z at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) 2025-01-06T01:47:44.519602629Z at java.base/java.lang.Thread.run(Thread.java:840)

User in realm same as in request, also member of org from request.

Is there any additional configuration that needs to be done before using this API? E.g. like for retrieving organization list Keycloak client should have 'view-organizations' roles.

[Kindrat]

From debugging in Keycloak:

Request arrived, but did not pass matcher with this 'remaining' part. Matcher has only one entry for '/admins'

[xgp]

Are you able to capture the actual request the client code is making? (using Wireshark or something similar). Seems like the client is just making a bad request.

[Kindrat]

@xgp what exactly are you looking for?

[xgp]

I’m looking for a full HTTP request so I can actually reproduce this. In lieu of that, a unit test that reproduces the issue would suffice.

What you sent looks fine, and when I do the same thing, it returns an actual response for me. Unless I have a way to reproduce this, I won't be able to help.

[Kindrat]

I guess it really depends on our realm configuration. Will try to create similar test one to reproduce