Indeed ! The workaround works.
On Wed, Jan 11, 2017 at 2:03 PM, Stian Thorgersen <sthorger(a)redhat.com> wrote:
Adding "Accept: application/json" should work around that issue.
On 11 January 2017 at 13:27, Sebastien Blanc <sblanc(a)redhat.com> wrote:
> It's not on GH but jira: https://issues.jboss.org/browse/KEYCLOAK-4192
>
>
>
> On Wed, Jan 11, 2017 at 1:18 PM, Sven Thoms <sven.thoms(a)gmail.com> wrote:
>
> > Yes, it appears so. Let me know the Bug URL on github, please. Glad I
> > could help and learn about Keycloak internals at the same time.
> >
> > On 11.01.2017 at 12:48 PM, "Sebastien Blanc" <sblanc(a)redhat.com> wrote:
> >
> >> Thanks ! So we have a bug on the PUT endpoint for the response , let me
> >> open a ticket for that.
> >>
> >>
> >>
> >> On Wed, Jan 11, 2017 at 12:42 PM, Sven Thoms <sven.thoms(a)gmail.com>
> >> wrote:
> >>
> >>> Hello Sebastien
> >>>
> >>>
> >>> Your PUT to the client registration endpoint made clear to me why I was
> >>> not able to set service accounts to enabled in the oidc endpoint request at
> >>>
> >>> https://host/auth/realms/myrealm/clients-registrations/openid-connect
> >>>
> >>> As I see it, it has to do with provider type
> >>>
> >>>
> >>> oidc vs.
> >>>
> >>>
> >>> default
> >>>
> >>>
> >>> with different objects behind it
> >>>
> >>>
> >>>
> >>> https://github.com/keycloak/keycloak/blob/1aeec2a83c6677cd7dcfccb6ba2c39d10143b920/core/src/main/java/org/keycloak/representations/oidc/OIDCClientRepresentation.java
> >>>
> >>>
> >>> vs.
> >>>
> >>>
> >>>
> >>> https://github.com/keycloak/keycloak/blob/1aeec2a83c6677cd7dcfccb6ba2c39d10143b920/core/src/main/java/org/keycloak/representations/idm/ClientRepresentation.java
> >>>
> >>> After I POST to https://host/auth/realms/myrealm/clients-registrations/openid-connect a simple
> >>>
> >>> { "client_name": "aclient", "redirect_uris" : ["https://clienturl/callback"] }
> >>>
> >>>
> >>> and then use the registration access token returned to update / PUT the
> >>> client (under clients-registrations/default/...
> >>>
> >>>
> >>> I get a 500 server error, but the service account is enabled correctly
> >>> for that client.
> >>>
> >>>
> >>> Here is my verbose CURL output
> >>>
> >>>
> >>> curl -v -X PUT \
> >>> > -d '{ "clientId": "dynamic_client_id_returned_from_oidc", "serviceAccountsEnabled": true }' \
> >>> > -H "Content-Type:application/json" \
> >>> > -H "Authorization: bearer registration_access_token_from_oidc" \
> >>> > https://host/auth/realms/myrealm/clients-registrations/default/dynamic_client_id_returned_from_oidc
> >>> * Trying 127.0.0.1...
> >>> * Connected to localhost (127.0.0.1) port 443 (#0)
> >>> * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> >>> * Server certificate: xxx
> >>> * Server certificate: xxx
> >>> > PUT /auth/realms/myrealm/clients-registrations/default/dynamic_client_id_returned_from_oidc HTTP/1.1
> >>> > Host: localhost
> >>> > User-Agent: curl/7.43.0
> >>> > Accept: */*
> >>> > Content-Type:application/json
> >>> > Authorization: bearer registration_access_token_from_oidc
> >>> > Content-Length: 86
> >>> >
> >>> * upload completely sent off: 86 out of 86 bytes
> >>> < HTTP/1.1 500 Internal Server Error
> >>> < Connection: keep-alive
> >>> < X-Powered-By: Undertow/1
> >>> < Server: WildFly/10
> >>> < Content-Type: text/html
> >>> < Content-Length: 155
> >>> < Date: Wed, 11 Jan 2017 11:24:02 GMT
> >>> <
> >>> * Connection #0 to host localhost left intact
> >>> Could not find MessageBodyWriter for response object of type: org.keycloak.representations.idm.ClientRepresentation of media type: application/octet-stream
> >>>
> >>> On 11.01.2017 at 9:12 AM, "Sebastien Blanc" <sblanc(a)redhat.com> wrote:
> >>>
> >>>> Yes I was talking about the registration_endpoint, I just did the test
> >>>> with something like:
> >>>>
> >>>> curl -X PUT \
> >>>>     -d '{ "clientId": "testclient", "serviceAccountsEnabled": true }' \
> >>>>     -H "Content-Type:application/json" \
> >>>>     -H "Authorization: bearer my_registration_access_token" \
> >>>>     http://localhost:8080/auth/realms/myrealm/clients-registrations/default/testclient
> >>>>
> >>>> My Service Accounts for this client is then enabled but Keycloak fails
> >>>> to return a response for this PUT request. So I'm not able to get the new
> >>>> registration access token.
> >>>>
> >>>> Could you try this request and if it fails for you as well I will open
> >>>> a ticket?
> >>>>
> >>>> Seb
> >>>>
> >>>>
> >>>>
> >>>> On Wed, Jan 11, 2017 at 8:16 AM, Sven Thoms <sven.thoms(a)gmail.com> wrote:
> >>>>
> >>>>> Hello Sebastien
> >>>>>
> >>>>> Are you talking about the Admin REST endpoint or the
> >>>>> registration_endpoint defined at
> >>>>> /auth/realms/[realmname]/.well-known/openid-configuration?
> >>>>>
> >>>>> I am trying to submit a registration request via registration_endpoint
> >>>>> and submit a field enabling the service account.
> >>>>>
> >>>>> According to the openid connect dynamic client registration
> >>>>> documentation at openid.net, the request payload is non-normative, I
> >>>>> am just not able to enable service account that way.
> >>>>>
> >>>>> On 10.01.2017 at 10:32 AM, "Sebastien Blanc" <sblanc(a)redhat.com> wrote:
> >>>>>
> >>>>>> I haven't tried it but when registering the client, in the payload,
> >>>>>> the ClientRepresentation, there is a serviceAccountsEnabled field, so
> >>>>>> maybe "service-accounts-enabled : true will do the trick?
> >>>>>>
> >>>>>> On Tue, Jan 10, 2017 at 10:17 AM, Sven Thoms <sven.thoms(a)gmail.com> wrote:
> >>>>>>
> >>>>>>> Is it possible via a setting to automatically enable clients
> >>>>>>> registered dynamically via the well-known registration endpoint and
> >>>>>>> registration access token? My current approach is to iterate over
> >>>>>>> all clients post-creation and set serviceaccountsEnabled to true.
> >>>>>>> I need a more prompt and real-time way
> >>>>>>> _______________________________________________
> >>>>>>> keycloak-user mailing list
> >>>>>>> keycloak-user(a)lists.jboss.org
> >>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>
> >>
>
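
The flow discussed in this thread, as an added example that is not part of the original messages or Keycloak's own code: register through the openid-connect provider, enable the service account through the default provider with the `Accept: application/json` header that avoids the 500 response, and keep the rotated registration access token. `KC_BASE` and `REALM` are placeholders, no initial access token is sent (an assumption about the realm's registration policy), and `json_field` is a simplified helper introduced here.

```bash
#!/usr/bin/env bash
# Added example. KC_BASE and REALM are placeholders for your own deployment.
KC_BASE="${KC_BASE:-https://host/auth}"
REALM="${REALM:-myrealm}"
REG="$KC_BASE/realms/$REALM/clients-registrations"

# Hypothetical helper: pull one string field out of a JSON document.
# Simplified sed match; prefer a real JSON parser such as jq in production.
json_field() {
  sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Step 1: dynamic registration via the OIDC provider. Prints the response JSON.
# $1 = client_name, $2 = redirect URI (trusted input; not JSON-escaped here).
register_oidc_client() {
  curl -sS --fail -X POST "$REG/openid-connect" \
    -H "Content-Type: application/json" -H "Accept: application/json" \
    -d "{ \"client_name\": \"$1\", \"redirect_uris\": [\"$2\"] }"
}

# Step 2: update via the default provider. Without the Accept header the
# server in this thread answered 500 although the change had been applied.
# $1 = client_id, $2 = registration access token from step 1.
enable_service_account() {
  curl -sS --fail -X PUT "$REG/default/$1" \
    -H "Content-Type: application/json" -H "Accept: application/json" \
    -H "Authorization: bearer $2" \
    -d "{ \"clientId\": \"$1\", \"serviceAccountsEnabled\": true }"
}

# Runs both steps and prints "<client_id> <new registration access token>".
# The token from step 1 is spent by the PUT, so only the new one is returned.
register_with_service_account() {
  local created updated cid tok
  created=$(register_oidc_client "$1" "$2") || return 1
  cid=$(printf '%s' "$created" | json_field client_id)
  tok=$(printf '%s' "$created" | json_field registration_access_token)
  [ -n "$cid" ] && [ -n "$tok" ] || return 1
  updated=$(enable_service_account "$cid" "$tok") || return 1
  tok=$(printf '%s' "$updated" | json_field registrationAccessToken)
  [ -n "$tok" ] || return 1
  printf '%s %s\n' "$cid" "$tok"
}
```

Store the returned token with the same care as a client secret, since it authorizes further changes to that client's configuration.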