[keycloak-user] Can't set password when registering a user

Scott Finlay scott.finlay at sixt.com
Mon May 15 05:14:26 EDT 2017 

Hmm, that request body doesn't look very different from my example. I've tried now removing the additional fields

I had and adding the few you have and I still get exactly the same outcome: when I try impersonating the user in

the Keycloak admin panel he has no password set (but he does when I explicitly call the reset-password endpoint).


Is there some setting/role/permission I'm missing maybe? I'm using version 2.5.5.Final.

________________________________
From: Alex Berg <chexxor at gmail.com>
Sent: Friday, May 12, 2017 6:09:59 PM
To: Scott Finlay
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Can't set password when registering a user

I do something like that, and it works for me.

The content of my XHR is JSON of this:

              { credentials : [
                { type: "password"
                , temporary: false
                , value: regBody.password
                }
              ]
              , email: regBody.email
              , username: regBody.email
              , emailVerified: false
              , enabled: true
              , requiredActions: [ "VERIFY_EMAIL" ]
              }

The created user's ID is available on the "location" response header.

On Fri, May 12, 2017 at 2:27 AM, Scott Finlay <scott.finlay at sixt.com<mailto:scott.finlay at sixt.com>> wrote:
Hi,

According to the Keycloak admin API documentation:
http://www.keycloak.org/docs-api/2.5/rest-api/index.html#_create_a_new_user
-> http://www.keycloak.org/docs-api/2.5/rest-api/index.html#_userrepresentation
-> http://www.keycloak.org/docs-api/2.5/rest-api/index.html#_credentialrepresentation

We should be able to provide credentials when creating a new user, but when I provide credentials it doesn't seem to set the password for the new user. Here is what my request looks like:

POST /auth/admin/realms/myrealm/users/
{"enabled":true,"username":"blah at blop.com<mailto:blah at blop.com>","email":"blah at blop.com<mailto:blah at blop.com>","firstName":"Blah","lastName":"Blop","attributes":{"userId":["1234"]},"credentials":[{"type":"password","temporary":false,"value":"secr$tP4ssword"}]}

Just as an experiment, I tried passing a single "credential" instead of an array of credentials and I got this error back:

internal server error;KeyCloak HTTP Error Response [400]: com.fasterxml.jackson.databind.JsonMappingException: Can not deserialize instance of java.util.ArrayList out of START_OBJECT token at [Source: io.undertow.servlet.spec.ServletInputStreamImpl at 264472bc; line: 1, column: 156] (through reference chain: org.keycloak.representations.idm.UserRepresentation["credentials"])

So clearly Keycloak is actually parsing this field. Am I doing something wrong with this request or is the documentation wrong?

Right now what we've been doing to get around this is registering the user and then doing a reset password request after, but this makes the request to our service take twice as long. It would be great if we could reduce this to a single request.

Regards,
Scott

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list