Open HenningWaack opened 10 months ago
We try to create (admin) users in the master realm. Using the following yaml, we get a Bad Request error.
```yaml
realm: master
users:
  - username: myuser
    enabled: true
    emailVerified: true
    firstName: My
    lastName: Name
    email: myuser@test.com
    requiredActions:
      - UPDATE_PASSWORD
```
The http request:
2023-11-02 16:05:24.392 DEBUG 1187 --- [ main] org.apache.http.headers : http-outgoing-0 >> Content-Type: application/json
2023-11-02 16:05:24.392 DEBUG 1187 --- [ main] org.apache.http.headers : http-outgoing-0 >> Content-Length: 3981
2023-11-02 16:05:24.392 DEBUG 1187 --- [ main] org.apache.http.headers : http-outgoing-0 >> Host: localhost:8080
2023-11-02 16:05:24.392 DEBUG 1187 --- [ main] org.apache.http.headers : http-outgoing-0 >> Connection: Keep-Alive
2023-11-02 16:05:24.392 DEBUG 1187 --- [ main] org.apache.http.headers : http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.14 (Java/17.0.8)
2023-11-02 16:05:24.392 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 >> "PUT /admin/realms/master HTTP/1.1[\r][\n]"
2023-11-02 16:05:24.393 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 >> "Authorization: Bearer eyJhbGciO ... vg[\r][\n]"
2023-11-02 16:05:24.393 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 >> "Content-Type: application/json[\r][\n]"
2023-11-02 16:05:24.393 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 >> "Content-Length: 3981[\r][\n]"
2023-11-02 16:05:24.393 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 >> "Host: localhost:8080[\r][\n]"
2023-11-02 16:05:24.394 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
2023-11-02 16:05:24.394 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.14 (Java/17.0.8)[\r][\n]"
2023-11-02 16:05:24.394 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 >> "[\r][\n]"
2023-11-02 16:05:24.394 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 >> 
"{"id":null,"realm":"master","displayName":null,"displayNameHtml":null,"notBefore":null,"defaultSignatureAlgorithm":null,"revokeRefreshToken":null,"refreshTokenMaxReuse":null,"accessTokenLifespan":null,"accessTokenLifespanForImplicitFlow":null,"ssoSessionIdleTimeout":null,"ssoSessionMaxLifespan":null,"ssoSessionIdleTimeoutRememberMe":null,"ssoSessionMaxLifespanRememberMe":null,"offlineSessionIdleTimeout":null,"offlineSessionMaxLifespanEnabled":null,"offlineSessionMaxLifespan":null,"clientSessionIdleTimeout":null,"clientSessionMaxLifespan":null,"clientOfflineSessionIdleTimeout":null,"clientOfflineSessionMaxLifespan":null,"accessCodeLifespan":null,"accessCodeLifespanUserAction":null,"accessCodeLifespanLogin":null,"actionTokenGeneratedByAdminLifespan":null,"actionTokenGeneratedByUserLifespan":null,"oauth2DeviceCodeLifespan":null,"oauth2DevicePollingInterval":null,"enabled":null,"sslRequired":null,"passwordCredentialGrantAllowed":null,"registrationAllowed":null,"registrationEmailAsUsername":null,"rememberMe":null,"verifyEmail":null,"loginWithEmailAllowed":null,"duplicateEmailsAllowed":null,"resetPasswordAllowed":null,"editUsernameAllowed":null,"bruteForceProtected":null,"permanentLockout":null,"maxFailureWaitSeconds":null,"minimumQuickLoginWaitSeconds":null,"waitIncrementSeconds":null,"quickLoginCheckMilliSeconds":null,"maxDeltaTimeSeconds":null,"failureFactor":null,"privateKey":null,"publicKey":null,"certificate":null,"codeSecret":null,"roles":null,"groups":null,"defaultRoles":null,"defaultRole":null,"defaultGroups":null,"requiredCredentials":null,"passwordPolicy":null,"otpPolicyType":null,"otpPolicyAlgorithm":null,"otpPolicyInitialCounter":null,"otpPolicyDigits":null,"otpPolicyLookAheadWindow":null,"otpPolicyPeriod":null,"otpPolicyCodeReusable":null,"otpSupportedApplications":null,"webAuthnPolicyRpEntityName":null,"webAuthnPolicySignatureAlgorithms":null,"webAuthnPolicyRpId":null,"webAuthnPolicyAttestationConveyancePreference":null,"webAuthnPolicyAuthenticatorAttachme
nt":null,"webAuthnPolicyRequireResidentKey":null,"webAuthnPolicyUserVerificationRequirement":null,"webAuthnPolicyCreateTimeout":null,"webAuthnPolicyAvoidSameAuthenticatorRegister":null,"webAuthnPolicyAcceptableAaguids":null,"webAuthnPolicyPasswordlessRpEntityName":null,"webAuthnPolicyPasswordlessSignatureAlgorithms":null,"webAuthnPolicyPasswordlessRpId":null,"webAuthnPolicyPasswordlessAttestationConveyancePreference":null,"webAuthnPolicyPasswordlessAuthenticatorAttachment":null,"webAuthnPolicyPasswordlessRequireResidentKey":null,"webAuthnPolicyPasswordlessUserVerificationRequirement":null,"webAuthnPolicyPasswordlessCreateTimeout":null,"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister":null,"webAuthnPolicyPasswordlessAcceptableAaguids":null,"users":null,"federatedUsers":null,"scopeMappings":null,"clientScopeMappings":null,"clients":null,"clientScopes":null,"defaultDefaultClientScopes":null,"defaultOptionalClientScopes":null,"browserSecurityHeaders":null,"smtpServer":null,"userFederationProviders":null,"userFederationMappers":null,"loginTheme":null,"accountTheme":null,"adminTheme":null,"emailTheme":null,"eventsEnabled":false,"eventsExpiration":null,"eventsListeners":null,"enabledEventTypes":null,"adminEventsEnabled":null,"adminEventsDetailsEnabled":null,"identityProviders":null,"identityProviderMappers":null,"protocolMappers":null,"components":null,"internationalizationEnabled":null,"supportedLocales":null,"defaultLocale":null,"authenticationFlows":null,"authenticatorConfig":null,"requiredActions":null,"browserFlow":null,"registrationFlow":null,"directGrantFlow":null,"resetCredentialsFlow":null,"clientAuthenticationFlow":null,"dockerAuthenticationFlow":null,"attributes":null,"keycloakVersion":null,"userManagedAccessAllowed":null,"social":null,"updateProfileOnInitialSocialLogin":null,"socialProviders":null,"applicationScopeMappings":null,"applications":null,"oauthClients":null,"clientTemplates":null,"clientProfiles":null,"clientPolicies":null}"
The error response is:
2023-11-02 16:05:24.423 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 << "HTTP/1.1 400 Bad Request[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 << "Referrer-Policy: no-referrer[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 << "X-Frame-Options: SAMEORIGIN[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 << "X-Content-Type-Options: nosniff[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 << "X-XSS-Protection: 1; mode=block[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 << "Content-Type: application/json[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 << "content-length: 83[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 << "[\r][\n]"
2023-11-02 16:05:24.424 DEBUG 1187 --- [ main] org.apache.http.wire : http-outgoing-0 << "{"errorMessage":"java.lang.IllegalStateException: Session/EntityManager is closed"}"
2023-11-02 16:05:24.424 DEBUG 1187 --- [ main] org.apache.http.headers : http-outgoing-0 << HTTP/1.1 400 Bad Request
2023-11-02 16:05:24.424 DEBUG 1187 --- [ main] org.apache.http.headers : http-outgoing-0 << Referrer-Policy: no-referrer
2023-11-02 16:05:24.424 DEBUG 1187 --- [ main] org.apache.http.headers : http-outgoing-0 << X-Frame-Options: SAMEORIGIN
2023-11-02 16:05:24.425 DEBUG 1187 --- [ main] org.apache.http.headers : http-outgoing-0 << Strict-Transport-Security: max-age=31536000; includeSubDomains
2023-11-02 16:05:24.425 DEBUG 1187 --- [ main] org.apache.http.headers : http-outgoing-0 << X-Content-Type-Options: nosniff
2023-11-02 16:05:24.425 DEBUG 1187 --- [ main] org.apache.http.headers : http-outgoing-0 << X-XSS-Protection: 1; mode=block
2023-11-02 16:05:24.425 DEBUG 1187 --- [ main] org.apache.http.headers : http-outgoing-0 << Content-Type: application/json
2023-11-02 16:05:24.425 DEBUG 1187 --- [ main] org.apache.http.headers : http-outgoing-0 << content-length: 83
In Keycloak we do not see any relevant log messages, even on log level trace.
When I import a yaml as described above, a user is created in the master realm.
Run keycloak-config-cli with the above YAML file:
```shell
STAGE=dev noglob java -jar ./keycloak-config-cli.jar \
  --logging.level.root=trace \
  --keycloak.url=http://localhost:8080 \
  --keycloak.user=admin \
  --keycloak.password=admin \
  --keycloak.availability-check.enabled=true \
  --import.cache.enabled=false \
  --import.var-substitution.enabled=true \
  --import.files.locations=./config/** \
```
No response
This seems to be related to the following Keycloak issue, which has been fixed but not yet released: https://github.com/keycloak/keycloak/issues/23943
Current Behavior
We try to create (admin) users in the master realm. Using the following yaml, we get a Bad Request error.
The http request:
The error response is:
In Keycloak we do not see any relevant log messages, even on log level trace.
Expected Behavior
When I import a yaml as described above, a user is created in the master realm.
Steps To Reproduce
Environment
Anything else?
No response