search

adorsys / keycloak-config-cli

Import YAML/JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak.
Apache License 2.0
705 stars 133 forks source link

Error on import Cannot update client 'account' in realm HTTP 400 Bad Request #803

Open devent opened 1 year ago

devent commented 1 year ago

Current Behavior

Running Keycloak and try to import my config from a previous exported config json. Error is:

2022-10-21 19:44:36.288 ERROR 1 --- [           main] d.a.k.config.KeycloakConfigRunner        : Cannot update client 'account' in realm 'SSO Andrea-1': HTTP 400 Bad Request

Expected Behavior

My config json was imported successfully.

Steps To Reproduce

1. start Keycloak
2. start keycloak-config-cli with the parameters:

      - KEYCLOAK_URL=http://keycloak:8080
      - KEYCLOAK_USER=user
      - KEYCLOAK_PASSWORD=bitnami
      - KEYCLOAK_AVAILABILITYCHECK_ENABLED=true
      - KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=120s
      - IMPORT_FILES_LOCATIONS=/keycloak/*.json

Environment

Anything else?

Full log:

2022-10-21 19:41:09.551  INFO 1 --- [           main] d.a.k.config.KeycloakConfigApplication   : Starting KeycloakConfigApplication v5.3.1 using Java 11.0.16.1 on 40ba78a7050d with PID 1 (/opt/bitnami/keycloak-config-cli/keycloak-config-cli-18.0.2.jar started by ? in /opt/bitnami/keycloak-config-cli)
2022-10-21 19:41:09.563  INFO 1 --- [           main] d.a.k.config.KeycloakConfigApplication   : No active profile set, falling back to 1 default profile: "default"
2022-10-21 19:41:11.906  INFO 1 --- [           main] d.a.k.config.KeycloakConfigApplication   : Started KeycloakConfigApplication in 4.004 seconds (JVM running for 5.831)
2022-10-21 19:41:18.292  INFO 1 --- [           main] d.a.k.config.KeycloakConfigRunner        : Importing file 'file:/keycloak/realm-export.json'
2022-10-21 19:41:18.305  INFO 1 --- [           main] d.a.k.config.provider.KeycloakProvider   : Wait 120 seconds until http://keycloak:8080 is available ...
2022-10-21 19:43:18.361 ERROR 1 --- [           main] d.a.k.config.KeycloakConfigRunner        : Could not connect to keycloak in 120 seconds: RESTEASY004655: Unable to invoke request: org.apache.http.conn.HttpHostConnectException: Connect to keycloak:8080 [keycloak/192.168.16.4] failed: Connection refused (Connection refused)
2022-10-21 19:43:18.362  INFO 1 --- [           main] d.a.k.config.KeycloakConfigRunner        : keycloak-config-cli running in 02:01.790.
2022-10-21 19:44:17.771  INFO 1 --- [           main] d.a.k.config.KeycloakConfigApplication   : Starting KeycloakConfigApplication v5.3.1 using Java 11.0.16.1 on 40ba78a7050d with PID 1 (/opt/bitnami/keycloak-config-cli/keycloak-config-cli-18.0.2.jar started by ? in /opt/bitnami/keycloak-config-cli)
2022-10-21 19:44:17.782  INFO 1 --- [           main] d.a.k.config.KeycloakConfigApplication   : No active profile set, falling back to 1 default profile: "default"
2022-10-21 19:44:19.727  INFO 1 --- [           main] d.a.k.config.KeycloakConfigApplication   : Started KeycloakConfigApplication in 3.954 seconds (JVM running for 5.811)
2022-10-21 19:44:23.226  INFO 1 --- [           main] d.a.k.config.KeycloakConfigRunner        : Importing file 'file:/keycloak/realm-export.json'
2022-10-21 19:44:23.239  INFO 1 --- [           main] d.a.k.config.provider.KeycloakProvider   : Wait 120 seconds until http://keycloak:8080 is available ...
2022-10-21 19:44:36.288 ERROR 1 --- [           main] d.a.k.config.KeycloakConfigRunner        : Cannot update client 'account' in realm 'SSO Andrea-1': HTTP 400 Bad Request
2022-10-21 19:44:36.288  INFO 1 --- [           main] d.a.k.config.KeycloakConfigRunner        : keycloak-config-cli running in 00:14.039.

Config json: https://gist.github.com/devent/289d1a97d0e37d5dfa90295ac2079f5f

bh-tt commented 1 year ago

Try running with --logging.level.root=debug, that will show you the full response from keycloak. In my case there was an invalid email for a user.

Careful. this also logs the authorization header which contains credentials.