[keycloak-user] How to configure Keycloak Admin Client to only access a specific Realm?

Celso Agra celso.agra at gmail.com
Tue May 30 16:37:11 EDT 2017


Hi all,

I'm trying to configure Keycloak to manage users in a specific realm. Here
is my code:

    Keycloak kc = KeycloakBuilder.builder()
        .serverUrl("http://localhost:8080/auth")
        .realm("realm1").username("user")
        .password("secret")
        .clientId("admin-cli")
        .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build())
        .build();

    RealmResource realmResource = kc.realm("realm1");
    UsersResource userRessource = realmResource.users();
    System.out.println("Count: " + userRessource.count());


When I run this code, I'm getting this error:

    javax.ws.rs.BadRequestException: HTTP 400 Bad Request
        at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.handleErrorStatus(ClientInvocation.java:212)
        at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.extractResult(ClientInvocation.java:189)
        at org.jboss.resteasy.client.jaxrs.internal.proxy.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:60)
        at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:107)
        at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
        at com.sun.proxy.$Proxy32.grantToken(Unknown Source)
        at org.keycloak.admin.client.token.TokenManager.grantToken(TokenManager.java:89)
        at org.keycloak.admin.client.token.TokenManager.getAccessToken(TokenManager.java:69)
        at org.keycloak.admin.client.token.TokenManager.getAccessTokenString(TokenManager.java:64)
        at org.keycloak.admin.client.resource.BearerAuthFilter.filter(BearerAuthFilter.java:52)
        at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:431)
        at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:105)
        at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
        at com.sun.proxy.$Proxy40.count(Unknown Source)
        at pe.gov.br.ati.service.KeycloakClientService.validateAndInsertUser(KeycloakClientService.java:72)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.camel.component.bean.MethodInfo.invoke(MethodInfo.java:408)
        at org.apache.camel.component.bean.MethodInfo$1.doProceed(MethodInfo.java:279)
        at org.apache.camel.component.bean.MethodInfo$1.proceed(MethodInfo.java:252)
        at org.apache.camel.component.bean.BeanProcessor.process(BeanProcessor.java:177)
        at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)
        at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:468)
        at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:196)
        at org.apache.camel.processor.Pipeline.process(Pipeline.java:121)
        at org.apache.camel.processor.Pipeline.process(Pipeline.java:83)
        at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:196)
        at org.apache.camel.component.direct.DirectProducer.process(DirectProducer.java:62)
        at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:145)
        at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)
        at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:468)
        at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:196)
        at org.apache.camel.processor.Pipeline.process(Pipeline.java:121)
        at org.apache.camel.processor.Pipeline.process(Pipeline.java:83)
        at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:196)
        at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:109)
        at ...


But when I change the realm to "master", such as:

    Keycloak kc = KeycloakBuilder.builder()
        .serverUrl("http://localhost:8080/auth")
        .realm("master").username("admin")
        .password("admin123!")
        .clientId("admin-cli")
        .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build())
        .build();

    RealmResource realmResource = kc.realm("realm1");
    UsersResource userRessource = realmResource.users();
    System.out.println("Count: " + userRessource.count());


The code works fine.
I'd like to know if the admin user in the master realm is the only way to
add users using the Keycloak Admin Client.

Has anybody else run into this same issue?

Best Regards

-- 
---
*Celso Agra*
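
Added example, not part of the original post and not Keycloak's own code: the stack trace above shows the 400 raised inside TokenManager.grantToken, before the users count request is sent, so this probe sends a password grant directly to the realm's OpenID Connect token endpoint and prints the OAuth error body that the stack trace does not show. The class name TokenGrantProbe and the KC_PASSWORD environment variable are assumptions; the server URL, realm, user and client id are the ones from the post.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Scanner;

public class TokenGrantProbe {
    // Builds an application/x-www-form-urlencoded body from key/value pairs.
    static String form(String... kv) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < kv.length; i += 2) {
            if (sb.length() > 0) sb.append('&');
            sb.append(URLEncoder.encode(kv[i], "UTF-8")).append('=')
              .append(URLEncoder.encode(kv[i + 1], "UTF-8"));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Values from the post; the password comes from the environment
        // (KC_PASSWORD is a hypothetical variable name) instead of the source.
        String serverUrl = "http://localhost:8080/auth";
        String realm = "realm1";
        String password = System.getenv("KC_PASSWORD");
        if (password == null) throw new IllegalStateException("set KC_PASSWORD");

        URL url = new URL(serverUrl + "/realms/" + realm + "/protocol/openid-connect/token");
        HttpURLConnection con = (HttpURLConnection) url.openConnection();
        con.setRequestMethod("POST");
        con.setDoOutput(true);
        con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        byte[] body = form("grant_type", "password", "client_id", "admin-cli",
                           "username", "user", "password", password).getBytes("UTF-8");
        try (OutputStream out = con.getOutputStream()) { out.write(body); }

        int status = con.getResponseCode();
        // On 4xx the JSON error document is on the error stream, which may be null.
        InputStream in = status >= 400 ? con.getErrorStream() : con.getInputStream();
        String text = "";
        if (in != null) {
            try (Scanner s = new Scanner(in, "UTF-8").useDelimiter("\\A")) {
                if (s.hasNext()) text = s.next();
            }
        }
        // A successful response carries bearer tokens, so it is never printed.
        System.out.println(status + " " + (status >= 400 ? text : "(token issued)"));
    }
}
```

The `error` and `error_description` fields in the printed JSON say whether the grant was rejected because of the client, the credentials or the state of the account.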

