[keycloak-user] HTTP error - 400 Bad Request - create realm CLI

Muein Muzamil shmuein+keycloak-dev at gmail.com
Thu Feb 23 14:14:15 EST 2017 

Hi All,

I was looking at the workaround suggested as part of
https://issues.jboss.org/browse/KEYCLOAK-1268 to basically remove the
client composite roles from the admin role. Do we have any API available
for this, which we can call after realm creation?

Regards,
Muein

On Wed, Feb 15, 2017 at 5:04 AM, Colin Coleman <cco at capraconsulting.no>
wrote:

> The –x trick gave me enough info to find this…
>
>
>
> https://issues.jboss.org/browse/KEYCLOAK-1268
>
>
>
> And even if the workarounds work it looks like keycloak was not designed
> and is not tested for the sort of multi-tenant setup I was trying to do.
>
>
>
> The jdbc driver version was a red herring – everything is the latest
> version
>
>
>
> Using the CLI with –x I got the following
>
>
>
> HTTP error - 400 Bad Request
>
> org.keycloak.client.admin.cli.util.HttpResponseException: HTTP error -
> 400 Bad Request
>
>                 at org.keycloak.client.admin.cli.util.HeadersBodyStatus.
> checkSuccess(HeadersBodyStatus.java:61)
>
>                 at org.keycloak.client.admin.cli.
> util.HttpUtil.checkSuccess(HttpUtil.java:329)
>
>                 at org.keycloak.client.admin.cli.
> commands.AbstractRequestCmd.process(AbstractRequestCmd.java:363)
>
>                 at org.keycloak.client.admin.cli.
> commands.AbstractRequestCmd.execute(AbstractRequestCmd.java:126)
>
>                 at org.jboss.aesh.console.command.container.
> DefaultCommandContainer.executeCommand(DefaultCommandContainer.java:63)
>
>                 at org.jboss.aesh.console.command.container.
> DefaultCommandContainer.executeCommand(DefaultCommandContainer.java:48)
>
>                 at org.keycloak.client.admin.cli.
> aesh.AeshConsoleCallbackImpl.execute(AeshConsoleCallbackImpl.java:54)
>
>                 at org.jboss.aesh.console.AeshProcess.run(AeshProcess.
> java:53)
>
>                 at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
>
>                 at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
>
>                 at java.lang.Thread.run(Thread.java:745)
>
> Caused by: java.lang.RuntimeException: <html>
>
> <head><title>400 Request Header Or Cookie Too Large</title></head>
>
> <body bgcolor="white">
>
> <center><h1>400 Bad Request</h1></center>
>
> <center>Request Header Or Cookie Too Large</center>
>
> <hr><center>awselb/2.0</center>
>
> </body>
>
> </html>
>
>
>
> Colin
>
>
>
> From: Colin Coleman <cco at capraconsulting.no>
> Date: Wednesday, 15 February 2017 at 10:05
> To: Marko Strukelj <mstrukel at redhat.com>
> Cc: keycloak-user <keycloak-user at lists.jboss.org>
> Subject: Re: [keycloak-user] HTTP error - 400 Bad Request - create realm
> CLI
>
>
>
> There is no stacktrace on the logs – I turned the <root-logger> level up
> to debug and could find nothing then either.
>
> The only difference between a success when there were less than 20 realms
> and a failure when there were more than 20 realms was a lack of  debug
> lines from org.hibernate which seems to show that the database never gets
> queried when a 400 is produced.
>
>
>
> My Stack is:
>
> Ubuntu 16.04
>
> openjdk version "1.8.0_121"
>
> PostgreSQL 9.6.1 (running on different machine)
>
> keycloak-2.5.1.Final – running uning standalone-ha.xml
>
> DB driver: postgresql-9.4.1212.jre6.jar
>
>
>
> Writing this I notice that the db driver and db are not on the same level
> – I will update this and test again.
>
>
>
> ------------------------------------------------
>
> Colin
>
>
>
> From: Marko Strukelj <mstrukel at redhat.com>
> Date: Tuesday, 14 February 2017 at 18:16
> To: Colin Coleman <cco at capraconsulting.no>
> Cc: keycloak-user <keycloak-user at lists.jboss.org>
> Subject: Re: [keycloak-user] HTTP error - 400 Bad Request - create realm
> CLI
>
>
>
> There is no such restriction, and I can't reproduce your issue.
>
>
>
> Is there any stacktrace on the server?
>
>
>
> Do you get any more information on the client if you add -x option?
>
>
>
>
>
>
>
> On Tue, Feb 14, 2017 at 1:01 PM, Colin Coleman <cco at capraconsulting.no>
> wrote:
>
> Hello,
>
>
>
> Is there a setting limiting the number of realms that can be created with
> the CLI?
>
> When creating realms via the CLI I start getting HTTP error - 400 Bad
> Request after about 20 realms
>
>
>
>
>
> kcadm.sh create realms -s realm=test3 -s enabled=true
>
> kcadm.sh create realms -s realm=test4 -s enabled=true
>
> kcadm.sh create realms -s realm=test5 -s enabled=true
>
> .
>
> .
>
> .
>
>
>
> I get
>
>
>
> .
>
> .
>
> Created new realm with id 'test13'
>
> Created new realm with id 'test14'
>
> HTTP error - 400 Bad Request
>
> HTTP error - 400 Bad Request
>
> .
>
> .
>
> .
>
>
>
>
>
> Colin
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

More information about the keycloak-user mailing list