Create user in realm master fails #939

Open
HenningWaack opened this issue Nov 2, 2023 · 1 comment

@HenningWaack

Current Behavior

We try to create (admin) users in the master realm. Using the following YAML, we get a Bad Request error.

realm: master
users:
  - username: myuser
    enabled: true
    emailVerified: true
    firstName: My
    lastName: Name
    email: myuser@test.com
    requiredActions:
      - UPDATE_PASSWORD

The HTTP request:

2023-11-02 16:05:24.392 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 >> Content-Type: application/json
2023-11-02 16:05:24.392 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 >> Content-Length: 3981
2023-11-02 16:05:24.392 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 >> Host: localhost:8080
2023-11-02 16:05:24.392 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 >> Connection: Keep-Alive
2023-11-02 16:05:24.392 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.14 (Java/17.0.8)
2023-11-02 16:05:24.392 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "PUT /admin/realms/master HTTP/1.1[\r][\n]"
2023-11-02 16:05:24.393 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "Authorization: Bearer eyJhbGciO ... vg[\r][\n]"
2023-11-02 16:05:24.393 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "Content-Type: application/json[\r][\n]"
2023-11-02 16:05:24.393 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "Content-Length: 3981[\r][\n]"
2023-11-02 16:05:24.393 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "Host: localhost:8080[\r][\n]"
2023-11-02 16:05:24.394 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
2023-11-02 16:05:24.394 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.14 (Java/17.0.8)[\r][\n]"
2023-11-02 16:05:24.394 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "[\r][\n]"
2023-11-02 16:05:24.394 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 >> "{"id":null,"realm":"master","displayName":null,"displayNameHtml":null,"notBefore":null,"defaultSignatureAlgorithm":null,"revokeRefreshToken":null,"refreshTokenMaxReuse":null,"accessTokenLifespan":null,"accessTokenLifespanForImplicitFlow":null,"ssoSessionIdleTimeout":null,"ssoSessionMaxLifespan":null,"ssoSessionIdleTimeoutRememberMe":null,"ssoSessionMaxLifespanRememberMe":null,"offlineSessionIdleTimeout":null,"offlineSessionMaxLifespanEnabled":null,"offlineSessionMaxLifespan":null,"clientSessionIdleTimeout":null,"clientSessionMaxLifespan":null,"clientOfflineSessionIdleTimeout":null,"clientOfflineSessionMaxLifespan":null,"accessCodeLifespan":null,"accessCodeLifespanUserAction":null,"accessCodeLifespanLogin":null,"actionTokenGeneratedByAdminLifespan":null,"actionTokenGeneratedByUserLifespan":null,"oauth2DeviceCodeLifespan":null,"oauth2DevicePollingInterval":null,"enabled":null,"sslRequired":null,"passwordCredentialGrantAllowed":null,"registrationAllowed":null,"registrationEmailAsUsername":null,"rememberMe":null,"verifyEmail":null,"loginWithEmailAllowed":null,"duplicateEmailsAllowed":null,"resetPasswordAllowed":null,"editUsernameAllowed":null,"bruteForceProtected":null,"permanentLockout":null,"maxFailureWaitSeconds":null,"minimumQuickLoginWaitSeconds":null,"waitIncrementSeconds":null,"quickLoginCheckMilliSeconds":null,"maxDeltaTimeSeconds":null,"failureFactor":null,"privateKey":null,"publicKey":null,"certificate":null,"codeSecret":null,"roles":null,"groups":null,"defaultRoles":null,"defaultRole":null,"defaultGroups":null,"requiredCredentials":null,"passwordPolicy":null,"otpPolicyType":null,"otpPolicyAlgorithm":null,"otpPolicyInitialCounter":null,"otpPolicyDigits":null,"otpPolicyLookAheadWindow":null,"otpPolicyPeriod":null,"otpPolicyCodeReusable":null,"otpSupportedApplications":null,"webAuthnPolicyRpEntityName":null,"webAuthnPolicySignatureAlgorithms":n
ull,"webAuthnPolicyRpId":null,"webAuthnPolicyAttestationConveyancePreference":null,"webAuthnPolicyAuthenticatorAttachment":null,"webAuthnPolicyRequireResidentKey":null,"webAuthnPolicyUserVerificationRequirement":null,"webAuthnPolicyCreateTimeout":null,"webAuthnPolicyAvoidSameAuthenticatorRegister":null,"webAuthnPolicyAcceptableAaguids":null,"webAuthnPolicyPasswordlessRpEntityName":null,"webAuthnPolicyPasswordlessSignatureAlgorithms":null,"webAuthnPolicyPasswordlessRpId":null,"webAuthnPolicyPasswordlessAttestationConveyancePreference":null,"webAuthnPolicyPasswordlessAuthenticatorAttachment":null,"webAuthnPolicyPasswordlessRequireResidentKey":null,"webAuthnPolicyPasswordlessUserVerificationRequirement":null,"webAuthnPolicyPasswordlessCreateTimeout":null,"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister":null,"webAuthnPolicyPasswordlessAcceptableAaguids":null,"users":null,"federatedUsers":null,"scopeMappings":null,"clientScopeMappings":null,"clients":null,"clientScopes":null,"defaultDefaultClientScopes":null,"defaultOptionalClientScopes":null,"browserSecurityHeaders":null,"smtpServer":null,"userFederationProviders":null,"userFederationMappers":null,"loginTheme":null,"accountTheme":null,"adminTheme":null,"emailTheme":null,"eventsEnabled":false,"eventsExpiration":null,"eventsListeners":null,"enabledEventTypes":null,"adminEventsEnabled":null,"adminEventsDetailsEnabled":null,"identityProviders":null,"identityProviderMappers":null,"protocolMappers":null,"components":null,"internationalizationEnabled":null,"supportedLocales":null,"defaultLocale":null,"authenticationFlows":null,"authenticatorConfig":null,"requiredActions":null,"browserFlow":null,"registrationFlow":null,"directGrantFlow":null,"resetCredentialsFlow":null,"clientAuthenticationFlow":null,"dockerAuthenticationFlow":null,"attributes":null,"keycloakVersion":null,"userManagedAccessAllowed":null,"social":null,"updateProfileOnInitialSocialLogin":null,"socialProviders":null,"applicationScopeMappings":null,"appli
cations":null,"oauthClients":null,"clientTemplates":null,"clientProfiles":null,"clientPolicies":null}"

The error response is:

2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "HTTP/1.1 400 Bad Request[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "Referrer-Policy: no-referrer[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "X-Frame-Options: SAMEORIGIN[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "X-Content-Type-Options: nosniff[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "X-XSS-Protection: 1; mode=block[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "Content-Type: application/json[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "content-length: 83[\r][\n]"
2023-11-02 16:05:24.423 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "[\r][\n]"
2023-11-02 16:05:24.424 DEBUG 1187 --- [           main] org.apache.http.wire                     : http-outgoing-0 << "{"errorMessage":"java.lang.IllegalStateException: Session/EntityManager is closed"}"
2023-11-02 16:05:24.424 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 << HTTP/1.1 400 Bad Request
2023-11-02 16:05:24.424 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 << Referrer-Policy: no-referrer
2023-11-02 16:05:24.424 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 << X-Frame-Options: SAMEORIGIN
2023-11-02 16:05:24.425 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 << Strict-Transport-Security: max-age=31536000; includeSubDomains
2023-11-02 16:05:24.425 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 << X-Content-Type-Options: nosniff
2023-11-02 16:05:24.425 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 << X-XSS-Protection: 1; mode=block
2023-11-02 16:05:24.425 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 << Content-Type: application/json
2023-11-02 16:05:24.425 DEBUG 1187 --- [           main] org.apache.http.headers                  : http-outgoing-0 << content-length: 83

In Keycloak we do not see any relevant log messages, even on log level trace.

Expected Behavior

When I import a YAML file as described above, a user is created in the master realm.

Steps To Reproduce

Run keycloak-config-cli with the above YAML file


STAGE=dev noglob java -jar ./keycloak-config-cli.jar \
    --logging.level.root=trace \
    --keycloak.url=http://localhost:8080 \
    --keycloak.user=admin \
    --keycloak.password=admin \
    --keycloak.availability-check.enabled=true \
    --import.cache.enabled=false \
    --import.var-substitution.enabled=true \
    --import.files.locations=./config/**

Environment

  • Keycloak Version: 22.0.5
  • keycloak-config-cli Version: 5.9.0
  • Java Version: 17

Anything else?

No response

@HenningWaack
Author

Seems to be related to the following Keycloak issue, which has been fixed but not released yet:
keycloak/keycloak#23943

rblaine95 added a commit to didx-xyz/yoma that referenced this issue Nov 22, 2023
* Keycloak `22.0.4`
  * keycloak/keycloak#23943
  * adorsys/keycloak-config-cli#939
* Keycloak Config CLI `5.9.0-22.0.4`
* Keycloak Webhooks `0.4.0`
* Tailscale `1.54.0`