If you look under the user's Role Mappings tab and select the Client Roles for
realm-management, you will find all the roles there.
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org]
On Behalf Of John Norris
Sent: 04 December 2019 17:02
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] create user via java api
Hello,
I have a spring boot application, using keycloak 6.0.1 for authentication.
I can log on to keycloak admin via a local browser as the "admincloak" user
(which is in the master realm) and create users in the "SpringBootKeycloak"
realm.
But if I try to create a user within the Spring Boot code then I get the following error
from the keycloak log:
10:57:33,927 WARN [org.keycloak.events] (default task-2) type=LOGIN_ERROR,
realmId=SpringBootKeycloak, clientId=bikes-app, userId=null, ipAddress=127.0.0.1,
error=invalid_user_credentials, auth_method=openid-connect, grant_type=password,
client_auth_method=client-secret, username=admincloak
Here is the relevant java code
private static final String SERVER_URL = "http://mint191:8080/auth";
private static final String REALM = "SpringBootKeycloak";
private static final String USERNAME = "admincloak";
private static final String PASSWORD = "123456";
private static final String CLIENT_ID = "bikes-app";
private static final String USER_ROLE = "user";

public static void createKCUser(Owner owner) {
    try {
        Keycloak keycloak = KeycloakBuilder
            .builder()
            .serverUrl(SERVER_URL)
            .realm(REALM)
            .username(USERNAME)
            .password(PASSWORD)
            .clientId(CLIENT_ID)
            .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build())
            .build();

        CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
        credentialRepresentation.setType(CredentialRepresentation.PASSWORD);
        credentialRepresentation.setValue("12345678");

        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername(owner.getUserName());
        userRepresentation.setFirstName(owner.getFirstName());
        userRepresentation.setLastName(owner.getSurName());
        userRepresentation.setEnabled(true);
        userRepresentation.setCredentials(Arrays.asList(credentialRepresentation));

        keycloak.realm(REALM).users().create(userRepresentation);
The stacktrace has
javax.ws.rs.ProcessingException: javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized
for the "keycloak.realm(REALM).users().create(userRepresentation);" line
I have seen in previous posts that
"Make sure that your user has the permissions "manage-users" and
"view-realm" from the role "realm-management". Make sure your scopes
are defined such that these roles actually are part of your token."
When I go into keycloak admin and look at the admincloak user in the master realm, then
the effective roles in the role mappings tab are admin, create-realm, offline-access,
uma_authorization.
But I can't see a "realm-management" role in roles in master. I can see the
roles "manage-users" and "view-realm" in the client
"master-realm" under the roles tab.
So, in summary, I am confused.
Regards,
John
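
The log entry in the question shows the password grant for admincloak being attempted in realmId=SpringBootKeycloak, while the post places that account in the master realm. The following is an added example, not code from the thread or from the Keycloak project: it obtains the admin token in the realm where the account lives, then creates the user in the target realm and checks the HTTP status. Assumptions: the built-in admin-cli client is enabled in master, the class name KcUserCreator is hypothetical, and the environment variable names KC_ADMIN_USER and KC_ADMIN_PASSWORD are invented for this example.

```java
import java.util.Collections;
import javax.ws.rs.core.Response;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

public class KcUserCreator { // hypothetical class name
    private static final String SERVER_URL = "http://mint191:8080/auth";
    // Realm the token is requested from: the realm the admin account lives in.
    private static final String AUTH_REALM = "master";
    // Realm in which the new user is created.
    private static final String TARGET_REALM = "SpringBootKeycloak";
    // Assumption: the built-in public client "admin-cli" is enabled in master.
    private static final String CLIENT_ID = "admin-cli";

    /** Creates the user and returns its Keycloak id; throws if not HTTP 201. */
    public static String createKCUser(String username, String initialPassword) {
        Keycloak keycloak = KeycloakBuilder.builder()
            .serverUrl(SERVER_URL)
            .realm(AUTH_REALM) // authentication realm, not the target realm
            .username(System.getenv("KC_ADMIN_USER")) // assumed variable name
            .password(System.getenv("KC_ADMIN_PASSWORD")) // assumed variable name
            .clientId(CLIENT_ID)
            .build();
        try {
            CredentialRepresentation cred = new CredentialRepresentation();
            cred.setType(CredentialRepresentation.PASSWORD);
            cred.setValue(initialPassword);
            cred.setTemporary(true); // user must change it at first login
            UserRepresentation user = new UserRepresentation();
            user.setUsername(username);
            user.setEnabled(true);
            user.setCredentials(Collections.singletonList(cred));
            Response response = keycloak.realm(TARGET_REALM).users().create(user);
            try {
                if (response.getStatus() != 201) {
                    throw new IllegalStateException("create user failed: HTTP " + response.getStatus());
                }
                // The Location header of the 201 response ends with the new user's id.
                String path = response.getLocation().getPath();
                return path.substring(path.lastIndexOf('/') + 1);
            } finally {
                response.close();
            }
        } finally {
            keycloak.close();
        }
    }
}
```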