adorsys / keycloak-config-cli

Import YAML/JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak.
Apache License 2.0

Create user in realm master fails #939

Open HenningWaack opened 10 months ago

HenningWaack commented 10 months ago

Current Behavior

We try to create (admin) users in the master realm. Using the following yaml, we get a Bad Request error.

realm: master
users:
  - username: myuser
    enabled: true
    emailVerified: true
    firstName: My
    lastName: Name
    email: myuser@test.com
    requiredActions:
      - UPDATE_PASSWORD

The http request:

2023-11-02 16:05:24.392 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 >> Content-Type: application/json
2023-11-02 16:05:24.392 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 >> Content-Length: 3981
2023-11-02 16:05:24.392 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 >> Host: localhost:8080
2023-11-02 16:05:24.392 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 >> Connection: Keep-Alive
2023-11-02 16:05:24.392 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.14 (Java/17.0.8)
2023-11-02 16:05:24.392 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "PUT /admin/realms/master HTTP/1.1[\r][\n]"
2023-11-02 16:05:24.393 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "Authorization: Bearer eyJhbGciO ... vg[\r][\n]"
2023-11-02 16:05:24.393 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "Content-Type: application/json[\r][\n]"
2023-11-02 16:05:24.393 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "Content-Length: 3981[\r][\n]"
2023-11-02 16:05:24.393 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "Host: localhost:8080[\r][\n]"
2023-11-02 16:05:24.394 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
2023-11-02 16:05:24.394 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.14 (Java/17.0.8)[\r][\n]"
2023-11-02 16:05:24.394 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "[\r][\n]"
2023-11-02 16:05:24.394 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "{"id":null,"realm":"master","displayName":null,"displayNameHtml":null,"notBefore":null,"defaultSignatureAlgorithm":null,"revokeRefreshToken":null,"refreshTokenMaxReuse":null,"accessTokenLifespan":null,"accessTokenLifespanForImplicitFlow":null,"ssoSessionIdleTimeout":null,"ssoSessionMaxLifespan":null,"ssoSessionIdleTimeoutRememberMe":null,"ssoSessionMaxLifespanRememberMe":null,"offlineSessionIdleTimeout":null,"offlineSessionMaxLifespanEnabled":null,"offlineSessionMaxLifespan":null,"clientSessionIdleTimeout":null,"clientSessionMaxLifespan":null,"clientOfflineSessionIdleTimeout":null,"clientOfflineSessionMaxLifespan":null,"accessCodeLifespan":null,"accessCodeLifespanUserAction":null,"accessCodeLifespanLogin":null,"actionTokenGeneratedByAdminLifespan":null,"actionTokenGeneratedByUserLifespan":null,"oauth2DeviceCodeLifespan":null,"oauth2DevicePollingInterval":null,"enabled":null,"sslRequired":null,"passwordCredentialGrantAllowed":null,"registrationAllowed":null,"registrationEmailAsUsername":null,"rememberMe":null,"verifyEmail":null,"loginWithEmailAllowed":null,"duplicateEmailsAllowed":null,"resetPasswordAllowed":null,"editUsernameAllowed":null,"bruteForceProtected":null,"permanentLockout":null,"maxFailureWaitSeconds":null,"minimumQuickLoginWaitSeconds":null,"waitIncrementSeconds":null,"quickLoginCheckMilliSeconds":null,"maxDeltaTimeSeconds":null,"failureFactor":null,"privateKey":null,"publicKey":null,"certificate":null,"codeSecret":null,"roles":null,"groups":null,"defaultRoles":null,"defaultRole":null,"defaultGroups":null,"requiredCredentials":null,"passwordPolicy":null,"otpPolicyType":null,"otpPolicyAlgorithm":null,"otpPolicyInitialCounter":null,"otpPolicyDigits":null,"otpPolicyLookAheadWindow":null,"otpPolicyPeriod":null,"otpPolicyCodeReusable":null,"otpSupportedApplications":null,"webAuthnPolicyRpEntityName":null,"webAuthnPolicySignatureAlgorithms":null,"webAuthnPolicyRpId":null,"webAuthnPolicyAttestationConveyancePreference":null,"webAuthnPolicyAuthenticatorAttachment":null,"webAuthnPolicyRequireResidentKey":null,"webAuthnPolicyUserVerificationRequirement":null,"webAuthnPolicyCreateTimeout":null,"webAuthnPolicyAvoidSameAuthenticatorRegister":null,"webAuthnPolicyAcceptableAaguids":null,"webAuthnPolicyPasswordlessRpEntityName":null,"webAuthnPolicyPasswordlessSignatureAlgorithms":null,"webAuthnPolicyPasswordlessRpId":null,"webAuthnPolicyPasswordlessAttestationConveyancePreference":null,"webAuthnPolicyPasswordlessAuthenticatorAttachment":null,"webAuthnPolicyPasswordlessRequireResidentKey":null,"webAuthnPolicyPasswordlessUserVerificationRequirement":null,"webAuthnPolicyPasswordlessCreateTimeout":null,"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister":null,"webAuthnPolicyPasswordlessAcceptableAaguids":null,"users":null,"federatedUsers":null,"scopeMappings":null,"clientScopeMappings":null,"clients":null,"clientScopes":null,"defaultDefaultClientScopes":null,"defaultOptionalClientScopes":null,"browserSecurityHeaders":null,"smtpServer":null,"userFederationProviders":null,"userFederationMappers":null,"loginTheme":null,"accountTheme":null,"adminTheme":null,"emailTheme":null,"eventsEnabled":false,"eventsExpiration":null,"eventsListeners":null,"enabledEventTypes":null,"adminEventsEnabled":null,"adminEventsDetailsEnabled":null,"identityProviders":null,"identityProviderMappers":null,"protocolMappers":null,"components":null,"internationalizationEnabled":null,"supportedLocales":null,"defaultLocale":null,"authenticationFlows":null,"authenticatorConfig":null,"requiredActions":null,"browserFlow":null,"registrationFlow":null,"directGrantFlow":null,"resetCredentialsFlow":null,"clientAuthenticationFlow":null,"dockerAuthenticationFlow":null,"attributes":null,"keycloakVersion":null,"userManagedAccessAllowed":null,"social":null,"updateProfileOnInitialSocialLogin":null,"socialProviders":null,"applicationScopeMappings":null,"applications":null,"oauthClients":null,"clientTemplates":null,"clientProfiles":null,"clientPolicies":null}"

The error response is:

2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "HTTP/1.1 400 Bad Request[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "Referrer-Policy: no-referrer[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "X-Frame-Options: SAMEORIGIN[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "X-Content-Type-Options: nosniff[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "X-XSS-Protection: 1; mode=block[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "Content-Type: application/json[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "content-length: 83[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "[\r][\n]"
2023-11-02 16:05:24.424 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "{"errorMessage":"java.lang.IllegalStateException: Session/EntityManager is closed"}"
2023-11-02 16:05:24.424 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 << HTTP/1.1 400 Bad Request
2023-11-02 16:05:24.424 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 << Referrer-Policy: no-referrer
2023-11-02 16:05:24.424 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 << X-Frame-Options: SAMEORIGIN
2023-11-02 16:05:24.425 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 << Strict-Transport-Security: max-age=31536000; includeSubDomains
2023-11-02 16:05:24.425 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 << X-Content-Type-Options: nosniff
2023-11-02 16:05:24.425 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 << X-XSS-Protection: 1; mode=block
2023-11-02 16:05:24.425 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 << Content-Type: application/json
2023-11-02 16:05:24.425 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 << content-length: 83

In Keycloak we do not see any relevant log messages, even on log level trace.

Expected Behavior

When I import a yaml as described above, a user is created in the master realm.

Steps To Reproduce

Run keycloak-config-cli with the above yaml file

STAGE=dev noglob java -jar ./keycloak-config-cli.jar \
    --logging.level.root=trace \
    --keycloak.url=http://localhost:8080 \
    --keycloak.user=admin \
    --keycloak.password=admin \
    --keycloak.availability-check.enabled=true \
    --import.cache.enabled=false \
    --import.var-substitution.enabled=true \
    --import.files.locations=./config/**

Environment

Anything else?

No response
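As an added example (not part of this issue or of keycloak-config-cli): a small parser for the Apache HttpClient wire log shown above. It pulls out the request line, the response status and Keycloak's errorMessage, flags that a trace log carries the admin Authorization header, and redacts bearer tokens before such a log is pasted anywhere. The sample log lines and the token in them are constructed.

```python
import json
import re
from dataclasses import dataclass

# Constructed sample in the HttpClient 4.x wire-log format printed at
# --logging.level.root=trace; the bearer token is a dummy value.
SAMPLE_LOG = r'''16:05:24.392 DEBUG 1187 --- [main] org.apache.http.wire : http-outgoing-0 >> "PUT /admin/realms/master HTTP/1.1[\r][\n]"
16:05:24.393 DEBUG 1187 --- [main] org.apache.http.wire : http-outgoing-0 >> "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.dummy.sig[\r][\n]"
16:05:24.394 DEBUG 1187 --- [main] org.apache.http.wire : http-outgoing-0 >> "[\r][\n]"
16:05:24.423 DEBUG 1187 --- [main] org.apache.http.wire : http-outgoing-0 << "HTTP/1.1 400 Bad Request[\r][\n]"
16:05:24.423 DEBUG 1187 --- [main] org.apache.http.wire : http-outgoing-0 << "[\r][\n]"
16:05:24.424 DEBUG 1187 --- [main] org.apache.http.wire : http-outgoing-0 << "{"errorMessage":"java.lang.IllegalStateException: Session/EntityManager is closed"}"
'''

WIRE_RE = re.compile(r'org\.apache\.http\.wire\s*: (http-\S+) (>>|<<) "(.*)"$', re.M)
CRLF = r"[\r][\n]"  # HttpClient prints CR/LF as this literal text
AUTH_RE = re.compile(r"(Authorization: Bearer )[A-Za-z0-9._-]+", re.IGNORECASE)

@dataclass
class Exchange:
    method: str = ""
    path: str = ""
    status: int = 0
    reason: str = ""
    error_message: str = ""
    auth_header_logged: bool = False  # trace logs include the admin token

def parse_wire_log(text: str) -> Exchange:
    """Extract request line, response status and Keycloak's errorMessage."""
    ex, in_body = Exchange(), {">>": False, "<<": False}
    for m in WIRE_RE.finditer(text):
        _, direction, payload = m.groups()
        payload = payload.replace(CRLF, "")
        if in_body[direction]:  # first chunk after the blank line is the body
            if direction == "<<":
                ex.error_message = json.loads(payload).get("errorMessage", "")
        elif payload == "":
            in_body[direction] = True
        elif direction == ">>" and not ex.method:
            ex.method, ex.path = payload.split(" ")[:2]
        elif direction == ">>" and payload.lower().startswith("authorization:"):
            ex.auth_header_logged = True
        elif direction == "<<" and payload.startswith("HTTP/"):
            _, code, ex.reason = payload.split(" ", 2)
            ex.status = int(code)
    return ex

def redact_tokens(text: str) -> str:
    """Mask bearer tokens before pasting a trace log into an issue tracker."""
    return AUTH_RE.sub(r"\1[REDACTED]", text)
```

Run parse_wire_log on a full trace log to confirm the failing call is the realm PUT rather than the later user POST, and run redact_tokens over the log before attaching it to a report.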

HenningWaack commented 10 months ago

Seems to be related to the following Keycloak issue, which has been fixed but not released yet: https://github.com/keycloak/keycloak/issues/23943