<div dir="ltr">You need a separate request to set the user credentials, same goes with role mappings. Take a look at:<div><br></div><div><a href="https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java#L595">https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java#L595</a><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 12 January 2016 at 02:08, Dirk Franssen <span dir="ltr">&lt;<a href="mailto:dirk.franssen@gmail.com" target="_blank">dirk.franssen@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra">Hi,</div><div class="gmail_extra"><br></div><div class="gmail_extra">I have a standard keycloak 1.7.0-Final and a separate jax-rs service (both in docker) to create a simple test-user programmatically with hardcoded params:</div><div class="gmail_extra"><br></div><div class="gmail_extra"><div class="gmail_extra">@Path("users")</div><div class="gmail_extra">@Stateless</div><div class="gmail_extra">public class UsersResource {</div><div class="gmail_extra"><br></div><div class="gmail_extra"> @POST</div><div class="gmail_extra"> public Response createTestUser() {</div><div class="gmail_extra"> Keycloak kc = Keycloak.getInstance(</div><div class="gmail_extra"> "<a href="http://192.168.99.100:8180/auth" target="_blank">http://192.168.99.100:8180/auth</a>",</div><div class="gmail_extra"> "master",</div><div class="gmail_extra"> "admin", "password",</div><div class="gmail_extra"> "security-admin-console");</div><div class="gmail_extra"><br></div><div class="gmail_extra"> CredentialRepresentation credential = new CredentialRepresentation();</div><div class="gmail_extra"> credential.setType(CredentialRepresentation.PASSWORD);</div><div class="gmail_extra"> credential.setValue("test123");</div><div 
class="gmail_extra"> credential.setTemporary(false);</div><div class="gmail_extra"> UserRepresentation user = new UserRepresentation();</div><div class="gmail_extra"> user.setUsername("testuser");</div><div class="gmail_extra"> user.setFirstName("Test");</div><div class="gmail_extra"> user.setLastName("User");</div><div class="gmail_extra"> user.setCredentials(Arrays.asList(credential));</div><div class="gmail_extra"> user.setEnabled(true);</div><div class="gmail_extra"> user.setRealmRoles(Arrays.asList("admin"));</div><div class="gmail_extra"> Response result = kc.realm("master").users().create(user);</div><div class="gmail_extra"> return result;</div><div class="gmail_extra"> }</div><div class="gmail_extra">}</div><div class="gmail_extra"><br></div><div class="gmail_extra">But calling the JAX-RS endpoint results in a delegated 400 Bad Request. The KC log states only:</div><div class="gmail_extra">
<p><span>00:40:23,436 WARN [org.keycloak.events] (default task-9) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=172.17.0.1, error=not_allowed, grant_type=password, auth_method=oauth_credentials, client_auth_method=client-secret</span></p><p>Any ideas?<br></p><p><span>Kind regards,</span></p><p><span>Dirk</span></p></div></div></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
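<p>The separate requests described in the reply above, sketched with the Keycloak admin client. This is an added example, not code from the thread or from the Keycloak project. The class name UserProvisioner, its parameters and the choice of a temporary password are assumptions, and kc is assumed to be an already authenticated admin client.</p>

```java
import java.util.Arrays;
import javax.ws.rs.core.Response;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

// Added example: UserProvisioner and its parameter names are hypothetical.
public class UserProvisioner {

    public static String createUser(Keycloak kc, String realmName, String username,
                                    String initialPassword, String realmRole) {
        RealmResource realm = kc.realm(realmName);

        // Request 1: create the bare user, with no credentials or roles attached.
        UserRepresentation user = new UserRepresentation();
        user.setUsername(username);
        user.setEnabled(true);
        Response response = realm.users().create(user);
        try {
            if (response.getStatus() != Response.Status.CREATED.getStatusCode()) {
                throw new IllegalStateException("User creation failed: HTTP " + response.getStatus());
            }
            // The id of the new user is the last path segment of the Location header.
            String path = response.getLocation().getPath();
            String userId = path.substring(path.lastIndexOf('/') + 1);
            UserResource userResource = realm.users().get(userId);

            // Request 2: set the password on the created user.
            CredentialRepresentation credential = new CredentialRepresentation();
            credential.setType(CredentialRepresentation.PASSWORD);
            credential.setValue(initialPassword);
            credential.setTemporary(true); // assumption: user must change it at first login
            userResource.resetPassword(credential);

            // Request 3: map the realm-level role to the created user.
            RoleRepresentation role = realm.roles().get(realmRole).toRepresentation();
            userResource.roles().realmLevel().add(Arrays.asList(role));
            return userId;
        } finally {
            response.close();
        }
    }
}
```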