<div dir="ltr">You need a separate request to set the user credentials, same goes with role mappings. Take a look at:<div><br></div><div><a href="https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java#L595">https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/UserTest.java#L595</a><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 12 January 2016 at 02:08, Dirk Franssen <span dir="ltr">&lt;<a href="mailto:dirk.franssen@gmail.com" target="_blank">dirk.franssen@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra">Hi,</div><div class="gmail_extra"><br></div><div class="gmail_extra">I have a standard keycloak 1.7.0-Final and a separate jax-rs service (both in docker) to create a simple test-user programatically with hardcoded params:</div><div class="gmail_extra"><br></div><div class="gmail_extra"><div class="gmail_extra">@Path(&quot;users&quot;)</div><div class="gmail_extra">@Stateless</div><div class="gmail_extra">public class UsersResource {</div><div class="gmail_extra"><br></div><div class="gmail_extra">    @POST</div><div class="gmail_extra">    public Response createTestUser() {</div><div class="gmail_extra">        Keycloak kc = Keycloak.getInstance(</div><div class="gmail_extra">                &quot;<a href="http://192.168.99.100:8180/auth" target="_blank">http://192.168.99.100:8180/auth</a>&quot;,</div><div class="gmail_extra">                &quot;master&quot;,</div><div class="gmail_extra">                &quot;admin&quot;, &quot;password&quot;,</div><div class="gmail_extra">                &quot;security-admin-console&quot;);</div><div class="gmail_extra"><br></div><div class="gmail_extra">        CredentialRepresentation credential = new CredentialRepresentation();</div><div class="gmail_extra">        credential.setType(CredentialRepresentation.PASSWORD);</div><div class="gmail_extra">        credential.setValue(&quot;test123&quot;);</div><div class="gmail_extra">        credential.setTemporary(false); /</div><div class="gmail_extra">        UserRepresentation user = new UserRepresentation();</div><div class="gmail_extra">        user.setUsername(&quot;testuser&quot;);</div><div class="gmail_extra">        user.setFirstName(&quot;Test&quot;);</div><div class="gmail_extra">        user.setLastName(&quot;User&quot;);</div><div class="gmail_extra">        user.setCredentials(Arrays.asList(credential));</div><div class="gmail_extra">        user.setEnabled(true);</div><div class="gmail_extra">        user.setRealmRoles(Arrays.asList(&quot;admin&quot;));</div><div class="gmail_extra">        Response result = kc.realm(&quot;master&quot;).users().create(user);</div><div class="gmail_extra">        return result;</div><div class="gmail_extra">    }</div><div class="gmail_extra">}</div><div class="gmail_extra"><br></div><div class="gmail_extra">But calling the JAX-RS endpoint returns in a delegated 400 Bad request. The KC log states only:</div><div class="gmail_extra">







<p><span>00:40:23,436 WARN  [org.keycloak.events] (default task-9) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=172.17.0.1, error=not_allowed, grant_type=password, auth_method=oauth_credentials, client_auth_method=client-secret</span></p><p>Any ideas?<br></p><p><span>Kind regards,</span></p><p><span>Dirk</span></p></div></div></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>