<div dir="ltr"><div class="gmail_extra">Hi,</div><div class="gmail_extra"><br></div><div class="gmail_extra">I have a standard keycloak 1.7.0-Final and a separate jax-rs service (both in docker) to create a simple test-user programatically with hardcoded params:</div><div class="gmail_extra"><br></div><div class="gmail_extra"><div class="gmail_extra">@Path(&quot;users&quot;)</div><div class="gmail_extra">@Stateless</div><div class="gmail_extra">public class UsersResource {</div><div class="gmail_extra"><br></div><div class="gmail_extra">    @POST</div><div class="gmail_extra">    public Response createTestUser() {</div><div class="gmail_extra">        Keycloak kc = Keycloak.getInstance(</div><div class="gmail_extra">                &quot;<a href="http://192.168.99.100:8180/auth">http://192.168.99.100:8180/auth</a>&quot;,</div><div class="gmail_extra">                &quot;master&quot;,</div><div class="gmail_extra">                &quot;admin&quot;, &quot;password&quot;,</div><div class="gmail_extra">                &quot;security-admin-console&quot;);</div><div class="gmail_extra"><br></div><div class="gmail_extra">        CredentialRepresentation credential = new CredentialRepresentation();</div><div class="gmail_extra">        credential.setType(CredentialRepresentation.PASSWORD);</div><div class="gmail_extra">        credential.setValue(&quot;test123&quot;);</div><div class="gmail_extra">        credential.setTemporary(false); /</div><div class="gmail_extra">        UserRepresentation user = new UserRepresentation();</div><div class="gmail_extra">        user.setUsername(&quot;testuser&quot;);</div><div class="gmail_extra">        user.setFirstName(&quot;Test&quot;);</div><div class="gmail_extra">        user.setLastName(&quot;User&quot;);</div><div class="gmail_extra">        user.setCredentials(Arrays.asList(credential));</div><div class="gmail_extra">        user.setEnabled(true);</div><div class="gmail_extra">        user.setRealmRoles(Arrays.asList(&quot;admin&quot;));</div><div class="gmail_extra">        Response result = kc.realm(&quot;master&quot;).users().create(user);</div><div class="gmail_extra">        return result;</div><div class="gmail_extra">    }</div><div class="gmail_extra">}</div><div class="gmail_extra"><br></div><div class="gmail_extra">But calling the JAX-RS endpoint returns in a delegated 400 Bad request. The KC log states only:</div><div class="gmail_extra">







<p class=""><span class="">00:40:23,436 WARN  [org.keycloak.events] (default task-9) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=172.17.0.1, error=not_allowed, grant_type=password, auth_method=oauth_credentials, client_auth_method=client-secret</span></p><p class="">Any ideas?<br></p><p class=""><span class="">Kind regards,</span></p><p class=""><span class="">Dirk</span></p></div></div></div>