The –x trick gave me enough info to find this…
https://issues.jboss.org/browse/KEYCLOAK-1268
And even if the workarounds work it looks like keycloak was not designed and is not tested
for the sort of multi-tenant setup I was trying to do.
The jdbc driver version was a red herring – everything is the latest version
Using the CLI with –x I got the following
HTTP error - 400 Bad Request
org.keycloak.client.admin.cli.util.HttpResponseException: HTTP error - 400 Bad Request
at
org.keycloak.client.admin.cli.util.HeadersBodyStatus.checkSuccess(HeadersBodyStatus.java:61)
at
org.keycloak.client.admin.cli.util.HttpUtil.checkSuccess(HttpUtil.java:329)
at
org.keycloak.client.admin.cli.commands.AbstractRequestCmd.process(AbstractRequestCmd.java:363)
at
org.keycloak.client.admin.cli.commands.AbstractRequestCmd.execute(AbstractRequestCmd.java:126)
at
org.jboss.aesh.console.command.container.DefaultCommandContainer.executeCommand(DefaultCommandContainer.java:63)
at
org.jboss.aesh.console.command.container.DefaultCommandContainer.executeCommand(DefaultCommandContainer.java:48)
at
org.keycloak.client.admin.cli.aesh.AeshConsoleCallbackImpl.execute(AeshConsoleCallbackImpl.java:54)
at org.jboss.aesh.console.AeshProcess.run(AeshProcess.java:53)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.RuntimeException: <html>
<head><title>400 Request Header Or Cookie Too
Large</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>Request Header Or Cookie Too Large</center>
<hr><center>awselb/2.0</center>
</body>
</html>
Colin
From: Colin Coleman <cco(a)capraconsulting.no>
Date: Wednesday, 15 February 2017 at 10:05
To: Marko Strukelj <mstrukel(a)redhat.com>
Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: Re: [keycloak-user] HTTP error - 400 Bad Request - create realm CLI
There is no stacktrace on the logs – I turned the <root-logger> level up to debug
and could find nothing then either.
The only difference between a success when there were less than 20 realms and a failure
when there were more than 20 realms was a lack of debug lines from org.hibernate which
seems to show that the database never gets queried when a 400 is produced.
My Stack is:
Ubuntu 16.04
openjdk version "1.8.0_121"
PostgreSQL 9.6.1 (running on different machine)
keycloak-2.5.1.Final – running uning standalone-ha.xml
DB driver: postgresql-9.4.1212.jre6.jar
Writing this I notice that the db driver and db are not on the same level – I will update
this and test again.
------------------------------------------------
Colin
From: Marko Strukelj <mstrukel(a)redhat.com>
Date: Tuesday, 14 February 2017 at 18:16
To: Colin Coleman <cco(a)capraconsulting.no>
Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: Re: [keycloak-user] HTTP error - 400 Bad Request - create realm CLI
There is no such restriction, and I can't reproduce your issue.
Is there any stacktrace on the server?
Do you get any more information on the client if you add -x option?
On Tue, Feb 14, 2017 at 1:01 PM, Colin Coleman <cco(a)capraconsulting.no> wrote:
Hello,
Is there a setting limiting the number of realms that can be created with the CLI?
When creating realms via the CLI I start getting HTTP error - 400 Bad Request after about
20 realms
kcadm.sh create realms -s realm=test3 -s enabled=true
kcadm.sh create realms -s realm=test4 -s enabled=true
kcadm.sh create realms -s realm=test5 -s enabled=true
.
.
.
I get
.
.
Created new realm with id 'test13'
Created new realm with id 'test14'
HTTP error - 400 Bad Request
HTTP error - 400 Bad Request
.
.
.
Colin
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user