anarsultanov / keycloak-multi-tenancy

Keycloak extension for creating multi-tenant IAM for B2B SaaS applications.
Apache License 2.0

Error when calling membership endpoint with search query #29

Closed karlokoloda closed 7 months ago

karlokoloda commented 7 months ago

When calling /tenants/{tenant_id}/memberships?search=email%40example.com, Keycloak returns HTTP 400 'unknown_error'.

Without the search query the endpoint returns the values correctly.

Keycloak version: 23.0.6 - with MySQL

keycloak-multi-tenancy version: 23.1.0

anarsultanov commented 7 months ago

Hi @karlokoloda

Thank you for reporting the issue you're facing, and I appreciate the details you've provided.

Unfortunately, I couldn't replicate the error you mentioned. If you're able to provide the logs of your Keycloak instance when this error occurs, it would greatly assist in resolving the issue.

In case you're unable to find the specific logs related to this issue, you might consider enabling debug-level logging.

karlokoloda commented 7 months ago

Hi @anarsultanov Logs attached below. After some digging around I noticed a service account popping up in my GET request as the first user. After adding a fake email to the service account user, the search param works.

The service account admin-cli:

```json
{
  "id": "43990dfe-6205-4e9f-aff2-4bf67bf56dbf",
  "user": {
    "id": "04c001c0-f32a-4a64-ac9d-b724c440b05d",
    "createdTimestamp": 1704181803983,
    "username": "service-account-admin-cli",
    "enabled": true,
    "emailVerified": false
  },
  "roles": [
    "tenant-admin"
  ]
},
```

The logs are attached in the file keycloak-mt-logs2.txt

anarsultanov commented 7 months ago

Hi @karlokoloda,

Thank you for sharing the logs and additional details. The issue appears to be affecting non-email accounts, including service accounts. The scenario of adding such accounts to a tenant was not considered, so they are not processed properly. I'll fix this when I have time during the week. Thanks for helping to identify this gap.
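An added illustration of the failure class discussed in this thread, not the extension's code or the maintainer's fix: a membership search that dereferences `email` fails as soon as one member (here a service account) has none, while a null-safe filter skips that member. The `Member` record, both method names, and the assumption that the search compares the query against each member's email are hypothetical.

```java
import java.util.List;
import java.util.Locale;

public class MembershipSearchExample {

    // Hypothetical stand-in for a tenant member; not the extension's model class.
    record Member(String username, String email) {}

    // Fragile form: assumes every member has an email. One member without
    // an email throws and fails the whole request, not just that entry.
    static List<Member> searchFragile(List<Member> members, String query) {
        String q = query.toLowerCase(Locale.ROOT);
        return members.stream()
                .filter(m -> m.email().toLowerCase(Locale.ROOT).contains(q))
                .toList();
    }

    // Null-safe form: a member without an email simply does not match.
    static List<Member> searchSafe(List<Member> members, String query) {
        String q = query.toLowerCase(Locale.ROOT);
        return members.stream()
                .filter(m -> m.email() != null
                        && m.email().toLowerCase(Locale.ROOT).contains(q))
                .toList();
    }

    public static void main(String[] args) {
        // Constructed sample data mirroring the report: the service account
        // has no email attribute, the second (invented) user does.
        List<Member> members = List.of(
                new Member("service-account-admin-cli", null),
                new Member("alice", "email@example.com"));

        try {
            searchFragile(members, "email@example.com");
        } catch (NullPointerException e) {
            System.out.println("fragile search failed: "
                    + e.getClass().getSimpleName());
        }
        System.out.println("safe search: "
                + searchSafe(members, "email@example.com"));
    }
}
```

Listing a tenant's memberships without the `search` parameter and looking for entries whose `user` object has no `email` field, as the reporter did, identifies the accounts that trigger this path.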