<div dir="ltr">That&#39;s better advice ;)<div><br></div><div>I miss-read the email and thought the problem was the user couldn&#39;t login afterwards</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 12 January 2016 at 10:08, Juraci Paixão Kröhling <span dir="ltr">&lt;<a href="mailto:juraci@kroehling.de" target="_blank">juraci@kroehling.de</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Make sure to use the Constants.ADMIN_CLI_CLIENT_ID (admin-cli) as the<br>
client, instead of Constants.ADMIN_CONSOLE_CLIENT_ID<br>
(security-admin-console). The second has direct grant disabled by default.<br>
<br>
Additionally, make sure that the admin account already had its password<br>
changed.<br>
<br>
- Juca.<br>
<span class=""><br>
On 12.01.2016 09:04, Stian Thorgersen wrote:<br>
&gt; You need a separate request to set the user credentials, same goes with<br>
&gt; role mappings. Take a look at:<br>
&gt;<br>
&gt; <a href="https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java#L595" rel="noreferrer" target="_blank">https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java#L595</a><br>
&gt;<br>
&gt; On 12 January 2016 at 02:08, Dirk Franssen &lt;<a href="mailto:dirk.franssen@gmail.com">dirk.franssen@gmail.com</a><br>
</span><div><div class="h5">&gt; &lt;mailto:<a href="mailto:dirk.franssen@gmail.com">dirk.franssen@gmail.com</a>&gt;&gt; wrote:<br>
&gt;<br>
&gt;     Hi,<br>
&gt;<br>
&gt;     I have a standard keycloak 1.7.0-Final and a separate jax-rs service<br>
&gt;     (both in docker) to create a simple test-user programatically with<br>
&gt;     hardcoded params:<br>
&gt;<br>
&gt;     @Path(&quot;users&quot;)<br>
&gt;     @Stateless<br>
&gt;     public class UsersResource {<br>
&gt;<br>
&gt;          @POST<br>
&gt;          public Response createTestUser() {<br>
&gt;              Keycloak kc = Keycloak.getInstance(<br>
&gt;                      &quot;<a href="http://192.168.99.100:8180/auth" rel="noreferrer" target="_blank">http://192.168.99.100:8180/auth</a>&quot;,<br>
&gt;                      &quot;master&quot;,<br>
&gt;                      &quot;admin&quot;, &quot;password&quot;,<br>
&gt;                      &quot;security-admin-console&quot;);<br>
&gt;<br>
&gt;              CredentialRepresentation credential = new<br>
&gt;     CredentialRepresentation();<br>
&gt;              credential.setType(CredentialRepresentation.PASSWORD);<br>
&gt;              credential.setValue(&quot;test123&quot;);<br>
&gt;              credential.setTemporary(false); /<br>
&gt;              UserRepresentation user = new UserRepresentation();<br>
&gt;              user.setUsername(&quot;testuser&quot;);<br>
&gt;              user.setFirstName(&quot;Test&quot;);<br>
&gt;              user.setLastName(&quot;User&quot;);<br>
&gt;              user.setCredentials(Arrays.asList(credential));<br>
&gt;              user.setEnabled(true);<br>
&gt;              user.setRealmRoles(Arrays.asList(&quot;admin&quot;));<br>
&gt;              Response result = kc.realm(&quot;master&quot;).users().create(user);<br>
&gt;              return result;<br>
&gt;          }<br>
&gt;     }<br>
&gt;<br>
&gt;     But calling the JAX-RS endpoint returns in a delegated 400 Bad<br>
&gt;     request. The KC log states only:<br>
&gt;<br>
&gt;     00:40:23,436 WARN  [org.keycloak.events] (default task-9)<br>
&gt;     type=LOGIN_ERROR, realmId=master, clientId=security-admin-console,<br>
&gt;     userId=null, ipAddress=172.17.0.1, error=not_allowed,<br>
&gt;     grant_type=password, auth_method=oauth_credentials,<br>
&gt;     client_auth_method=client-secret<br>
&gt;<br>
&gt;     Any ideas?<br>
&gt;<br>
&gt;     Kind regards,<br>
&gt;<br>
&gt;     Dirk<br>
&gt;<br>
&gt;<br>
&gt;     _______________________________________________<br>
&gt;     keycloak-user mailing list<br>
</div></div>&gt;     <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a> &lt;mailto:<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>&gt;<br>
&gt;     <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
<div class="HOEnZb"><div class="h5">&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; _______________________________________________<br>
&gt; keycloak-user mailing list<br>
&gt; <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
&gt; <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
&gt;<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div></div></blockquote></div><br></div>