[keycloak-user] How to configure Keycloak Admin Client to only access a specific Realm?

Celso Agra celso.agra at gmail.com
Tue May 30 18:01:19 EDT 2017


Solved!

I need to create a user in the master realm, with these configurations.
Go to *Users >> adminRealm*
In the Role Mappings tab, choose "realm1-realm" in the Client Roles, and
assign these roles: *manage-users, view-clients, view-realm and view-users*

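Then, I just configure my code with the realm set to "master", such as:

import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UsersResource;

// Authenticate against the master realm, where the adminRealm user lives
Keycloak kc = KeycloakBuilder.builder()
    .serverUrl("http://localhost:8080/auth")
    .realm("master").username("adminRealm")
    .password("adminRealm123!")
    .clientId("admin-cli")
    .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build())
    .build();

// Operate on realm1 using the roles granted on the "realm1-realm" client
RealmResource realmResource = kc.realm("realm1");
UsersResource userRessource = realmResource.users();
System.out.println("Count: " + userRessource.count());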


This code works fine, for now!

2017-05-30 17:37 GMT-03:00 Celso Agra <celso.agra at gmail.com>:

> Hi all,
>
> I'm trying to configure keycloak to manage users in a specific realm. Here
> is my code:
>
> Keycloak kc = KeycloakBuilder.builder()
>     .serverUrl("http://localhost:8080/auth")
>     .realm("realm1").username("user")
>     .password("secret")
>     .clientId("admin-cli")
>     .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build())
>     .build();
>
> RealmResource realmResource = kc.realm("realm1");
> UsersResource userRessource = realmResource.users();
> System.out.println("Count: " + userRessource.count());
>
>
> When I run this code, I'm getting this error:
>
> javax.ws.rs.BadRequestException: HTTP 400 Bad Request
>     at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.handleErrorStatus(ClientInvocation.java:212)
>     at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.extractResult(ClientInvocation.java:189)
>     at org.jboss.resteasy.client.jaxrs.internal.proxy.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:60)
>     at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:107)
>     at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
>     at com.sun.proxy.$Proxy32.grantToken(Unknown Source)
>     at org.keycloak.admin.client.token.TokenManager.grantToken(TokenManager.java:89)
>     at org.keycloak.admin.client.token.TokenManager.getAccessToken(TokenManager.java:69)
>     at org.keycloak.admin.client.token.TokenManager.getAccessTokenString(TokenManager.java:64)
>     at org.keycloak.admin.client.resource.BearerAuthFilter.filter(BearerAuthFilter.java:52)
>     at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:431)
>     at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:105)
>     at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
>     at com.sun.proxy.$Proxy40.count(Unknown Source)
>     at pe.gov.br.ati.service.KeycloakClientService.validateAndInsertUser(KeycloakClientService.java:72)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>     at java.lang.reflect.Method.invoke(Unknown Source)
>     at org.apache.camel.component.bean.MethodInfo.invoke(MethodInfo.java:408)
>     at org.apache.camel.component.bean.MethodInfo$1.doProceed(MethodInfo.java:279)
>     at org.apache.camel.component.bean.MethodInfo$1.proceed(MethodInfo.java:252)
>     at org.apache.camel.component.bean.BeanProcessor.process(BeanProcessor.java:177)
>     at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)
>     at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:468)
>     at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:196)
>     at org.apache.camel.processor.Pipeline.process(Pipeline.java:121)
>     at org.apache.camel.processor.Pipeline.process(Pipeline.java:83)
>     at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:196)
>     at org.apache.camel.component.direct.DirectProducer.process(DirectProducer.java:62)
>     at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:145)
>     at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)
>     at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:468)
>     at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:196)
>     at org.apache.camel.processor.Pipeline.process(Pipeline.java:121)
>     at org.apache.camel.processor.Pipeline.process(Pipeline.java:83)
>     at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:196)
>     at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:109)
>     at ...
>
>
> But when I change the realm to "master", such as:
>
> Keycloak kc = KeycloakBuilder.builder()
>     .serverUrl("http://localhost:8080/auth")
>     .realm("master").username("admin")
>     .password("admin123!")
>     .clientId("admin-cli")
>     .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build())
>     .build();
>
> RealmResource realmResource = kc.realm("realm1");
> UsersResource userRessource = realmResource.users();
> System.out.println("Count: " + userRessource.count());
>
>
> The code works fine.
> I'd like to know if the admin user in the master realm is the only way to
> add users using the keycloak Admin Client.
>
> Is anybody getting this same issue?
>
> Best Regards
>
> --
> ---
> *Celso Agra*
>



-- 
---
*Celso Agra*
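
Added example (not part of the original post and not Keycloak project code): a check that the access token issued to the scoped master-realm user carries only the four roles listed above on the "realm1-realm" client, and no global admin role. It assumes the usual Keycloak access-token claims realm_access and resource_access; the function names and both sample tokens are constructed for illustration, and the payload is decoded without signature verification, for inspection only.

```python
import base64
import json

# Roles the post assigns on the master-realm client "realm1-realm".
ALLOWED = {"realm1-realm": {"manage-users", "view-clients", "view-realm", "view-users"}}
# Master-realm realm roles that grant control beyond a single realm.
GLOBAL_ADMIN_ROLES = {"admin", "create-realm"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode the payload of a JWT without verifying it (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_admin_token(token: str, allowed=ALLOWED) -> list:
    """Return one finding per role that exceeds the intended per-realm grant."""
    claims = jwt_claims(token)
    findings = []
    realm_roles = set(claims.get("realm_access", {}).get("roles", []))
    for role in sorted(GLOBAL_ADMIN_ROLES & realm_roles):
        findings.append(f"global realm role: {role}")
    for client, access in sorted(claims.get("resource_access", {}).items()):
        if not client.endswith("-realm"):
            continue  # only "<realm>-realm" clients carry realm admin roles
        extra = set(access.get("roles", [])) - allowed.get(client, set())
        findings += [f"unexpected role {client}/{r}" for r in sorted(extra)]
    return findings


def make_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed input, not a real Keycloak token)."""
    header = b64url(json.dumps({"alg": "none"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}."


# Constructed samples: the scoped user from the post, and an over-privileged one.
SCOPED = make_token({"preferred_username": "adminRealm", "resource_access": {
    "realm1-realm": {"roles": ["manage-users", "view-clients", "view-realm", "view-users"]}}})
BROAD = make_token({"preferred_username": "admin", "realm_access": {"roles": ["admin"]},
                    "resource_access": {"realm2-realm": {"roles": ["manage-users"]}}})

if __name__ == "__main__":
    print(audit_admin_token(SCOPED))
    print(audit_admin_token(BROAD))
```

An empty list means the token matches the intended grant; any entry is a role to remove from the user's Role Mappings.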

