Hi all,

Some info:
Running Keycloak 15.0.1
On Linux 5.4.0-1078

What I'm trying to achieve:
I want to deploy new realms with Ansible. We need the default 'Microsoft' identity provider, with the 'Token-exchange' permissions, which on it's own have some custom policies applied.

Now Ansible doesn't have a module for applying custom policies and permissions. So my workaround at the moment is to use the Partial-Export functionality in combination with the REST API. The complete workflow is as follows:

Use the REST API to create a realm, add clients, a Microsoft Identity Provider and an OIDC Identity Provider. Make a Partial-Export of this realm. Search for the Id's of the Identity Providers and Clients. And use those Id's to connect the Identity Providers to the Token-Exchange permissions and custom policies.

And that's where my issue starts. When I do a Partial-Export from the GUI I see all the settings and Id's (Id's are the reason I'm writing this message). But when I do an export with the REST API, some of those Id's (and a lot more info) is missing in the JSON.
The difference in number of lines is about 1000 lines.

The following is my yaml-code for the export with Ansible.
- name: "export json" uri: url: "https://{{KEYCLOAKURL}}/auth/admin/realms/{{ var_realm }}partial-export" method: "POST" headers: authorization: "Bearer {{ token }}" body_format: json body: exportClients: True exportGroupsAndRoles: True status_code: - 201 - 400 - 200 no_log: false register: export

Can anyone help me out with why the REST API doesn't export the same JSON as the GUI does?

Thanks in advance.