I'm following the latest CLI documentation
(http://www.keycloak.org/docs/latest/server_admin/index.html#the-admin-cli), but the
section about managing Kerberos user storage providers seems to be out-of-date. The
related REST API documentation
(http://www.keycloak.org/docs/latest/server_development/index.html#rest-ma...)
points out major changes occurred after version 2.4.0. In particular the following
command no longer works:
kcadm.sh create user-federation/instances -r demorealm ...
Instead it seems it should be something like the following:
kcadm.sh create components -r demorealm -s parentId=demorealm -s name="kerberos" \
  -s providerId="kerberos" \
  -s providerType="org.keycloak.storage.UserStorageProvider" \
  -s config.enabled=["true"] \
  -s config.allowPasswordAuthentication=["true"] -s config.debug=["false"] \
  -s config.priority=["0"] -s config.updateProfileFirstLogin=["false"]
However, this "create components" command only seems to work if I don't
include the following otherwise desirable attributes:
-s config.keyTab=["path-to-keytab"]
-s config.kerberosRealm=["kerberos-realm-name"]
-s config.cachePolicy=["DEFAULT"]
-s config.editMode=["READ_ONLY"]
-s config.serverPrincipal=["http-principal-name"]
Including any one of them results in the server throwing the following exception:
Uncaught server error: com.fasterxml.jackson.databind.JsonMappingException: Can not deserialize instance of java.util.ArrayList out of VALUE_STRING token
Further, even if I leave these attributes out and attempt to finish the job using the web
console, I noticed the new user storage provider doesn't show up in the list on the
web. It DOES show up when queried from the command line with:
kcadm.sh get components -r demorealm
But oddly doesn't show up if you filter as the web does with:
kcadm.sh get components -r demorealm -q type=org.keycloak.storage.UserStorageProvider
Any help is appreciated. Thanks,
Ryan
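
Added example, not part of the original message: the attributes reported as working above are the ones whose value is still a JSON literal after the shell removes the unquoted inner double quotes ([true], [false], [0]), while the failing ones become bare words such as [DEFAULT]. The sketch assumes kcadm.sh sends a value as a list only when it parses as JSON and as a plain string otherwise, which would match the VALUE_STRING error; classify and looks_like_json_array are hypothetical helpers and cover single-element arrays only.

```shell
#!/bin/sh
# Hypothetical helper: does the value, as the program receives it after the
# shell's quote removal, look like a one-element JSON array?
looks_like_json_array() {
  case "$1" in
    \[*\]) ;;                        # must be wrapped in [ ]
    *) return 1 ;;
  esac
  inner=${1#\[}
  inner=${inner%\]}
  case "$inner" in
    true|false|null) return 0 ;;     # JSON literals survive without quotes
    \"*\") return 0 ;;               # a JSON string: inner quotes were kept
    ''|*[!0-9]*) return 1 ;;         # bare word such as DEFAULT: not JSON
    *) return 0 ;;                   # digits only: a JSON number
  esac
}

# Hypothetical helper: classify one "-s key=value" argument.
# ASSUMPTION: kcadm.sh falls back to a plain string when the value is not JSON.
classify() {
  value=${1#*=}
  if looks_like_json_array "$value"; then
    echo array
  else
    echo string
  fi
}

# Arguments from the message, typed without outer quotes as in the message,
# followed by one single-quoted form that keeps the inner double quotes.
for arg in \
  config.enabled=["true"] \
  config.priority=["0"] \
  config.keyTab=["path-to-keytab"] \
  config.cachePolicy=["DEFAULT"] \
  'config.keyTab=["path-to-keytab"]' \
  'config.cachePolicy=["DEFAULT"]'
do
  printf '%-36s -> %s\n' "$arg" "$(classify "$arg")"
done
```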