[keycloak-user] programmatically create user gives 400 bad request
Juraci Paixão Kröhling
juraci at kroehling.de
Tue Jan 12 04:08:39 EST 2016
Make sure to use the Constants.ADMIN_CLI_CLIENT_ID (admin-cli) as the
client, instead of Constants.ADMIN_CONSOLE_CLIENT_ID
(security-admin-console). The second has direct grant disabled by default.
Additionally, make sure that the admin account already had its password
changed.
- Juca.
On 12.01.2016 09:04, Stian Thorgersen wrote:
> You need a separate request to set the user credentials, same goes with
> role mappings. Take a look at:
>
> https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java#L595
>
> On 12 January 2016 at 02:08, Dirk Franssen <dirk.franssen at gmail.com> wrote:
>
> Hi,
>
> I have a standard keycloak 1.7.0-Final and a separate jax-rs service
> (both in docker) to create a simple test-user programmatically with
> hardcoded params:
>
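> import java.util.Arrays;
> import javax.ejb.Stateless;
> import javax.ws.rs.POST;
> import javax.ws.rs.Path;
> import javax.ws.rs.core.Response;
> import org.keycloak.admin.client.Keycloak;
> import org.keycloak.representations.idm.CredentialRepresentation;
> import org.keycloak.representations.idm.UserRepresentation;
>
> @Path("users")
> @Stateless
> public class UsersResource {
>
>     @POST
>     public Response createTestUser() {
>         // Admin client: server URL, realm, username, password, client id
>         Keycloak kc = Keycloak.getInstance(
>                 "http://192.168.99.100:8180/auth",
>                 "master",
>                 "admin", "password",
>                 "security-admin-console");
>
>         // Password credential passed inline with the new user
>         CredentialRepresentation credential = new CredentialRepresentation();
>         credential.setType(CredentialRepresentation.PASSWORD);
>         credential.setValue("test123");
>         credential.setTemporary(false);
>
>         UserRepresentation user = new UserRepresentation();
>         user.setUsername("testuser");
>         user.setFirstName("Test");
>         user.setLastName("User");
>         user.setCredentials(Arrays.asList(credential));
>         user.setEnabled(true);
>         user.setRealmRoles(Arrays.asList("admin"));
>
>         Response result = kc.realm("master").users().create(user);
>         return result;
>     }
> }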
>
> But calling the JAX-RS endpoint results in a delegated 400 Bad
> request. The KC log states only:
>
> 00:40:23,436 WARN [org.keycloak.events] (default task-9)
> type=LOGIN_ERROR, realmId=master, clientId=security-admin-console,
> userId=null, ipAddress=172.17.0.1, error=not_allowed,
> grant_type=password, auth_method=oauth_credentials,
> client_auth_method=client-secret
>
> Any ideas?
>
> Kind regards,
>
> Dirk
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
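
The two replies in this thread combined into one flow, as an added example that is not code from the thread or from the Keycloak project: authenticate through the `admin-cli` client, create the user, then set the password and the role mapping in separate requests. The environment variable names `KC_ADMIN_PASSWORD` and `KC_TEST_USER_PASSWORD` are assumptions made here so that no password is hardcoded; the server URL, realm, usernames and role are the ones from the original question.

```java
import java.net.URI;
import java.util.Collections;
import javax.ws.rs.core.Response;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

public class CreateTestUser {
    public static void main(String[] args) {
        // Assumption: passwords are supplied via environment variables (names are hypothetical).
        Keycloak kc = Keycloak.getInstance(
                "http://192.168.99.100:8180/auth", "master",
                "admin", System.getenv("KC_ADMIN_PASSWORD"),
                "admin-cli"); // value of Constants.ADMIN_CLI_CLIENT_ID; direct grant is allowed
        RealmResource realm = kc.realm("master");

        // Request 1: create the user without credentials or role mappings.
        UserRepresentation user = new UserRepresentation();
        user.setUsername("testuser");
        user.setFirstName("Test");
        user.setLastName("User");
        user.setEnabled(true);
        Response created = realm.users().create(user);
        int status = created.getStatus();
        URI location = created.getLocation();
        created.close();
        if (status != Response.Status.CREATED.getStatusCode() || location == null) {
            throw new IllegalStateException("User creation failed: HTTP " + status);
        }
        // The new user's id is the last path segment of the Location header.
        String path = location.getPath();
        UserResource userResource = realm.users().get(path.substring(path.lastIndexOf('/') + 1));

        // Request 2: set the password on the created user.
        CredentialRepresentation credential = new CredentialRepresentation();
        credential.setType(CredentialRepresentation.PASSWORD);
        credential.setValue(System.getenv("KC_TEST_USER_PASSWORD"));
        credential.setTemporary(false);
        userResource.resetPassword(credential);

        // Request 3: map the realm role; the role representation must be fetched first.
        RoleRepresentation role = realm.roles().get("admin").toRepresentation();
        userResource.roles().realmLevel().add(Collections.singletonList(role));
    }
}
```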