[keycloak-dev] Partial import - problem with client's default roles
Dariusz Chrzascik
dchrzascik at novomatic-tech.com
Mon Oct 1 10:50:09 EDT 2018
Hi,
I've encountered an issue when using Admin Console's partial import.
I've enclosed a simplified realm configuration that demonstrates the case.
Importing that realm results in an exception:
15:45:43,675 ERROR [org.keycloak.services] (default task-103) KC-SERVICES0038: Error importing roles: org.keycloak.models.ModelDuplicateException
    at org.keycloak.models.jpa.JpaRealmProvider.addClientRole(JpaRealmProvider.java:228)
    at org.keycloak.models.cache.infinispan.RealmCacheSession.addClientRole(RealmCacheSession.java:683)
    at org.keycloak.models.jpa.ClientAdapter.addRole(ClientAdapter.java:626)
    at org.keycloak.models.utils.RepresentationToModel.importRoles(RepresentationToModel.java:504)
    at org.keycloak.partialimport.RolesPartialImport.doImport(RolesPartialImport.java:98)
    at org.keycloak.partialimport.PartialImportManager.saveResources(PartialImportManager.java:77)
    at org.keycloak.services.resources.admin.RealmAdminResource.partialImport(RealmAdminResource.java:1064)
I've observed that it is caused by importing a realm where a client has
roles and some of them are default for that client. This results in
creating a client with default roles first and then creating the roles.
This fails as client creation is accompanied by creating default roles.
Perhaps, it can be solved by making argument "addDefaultRoles" in
RepresentationToModel.createClient configurable from the partialImport.
Currently it is always set to true (see ClientPartialImport.create).
Has anyone encountered that issue, or maybe has a suggestion on how to fix it?
PS:
The workaround is to run partial import twice:
1. for clients only
2. for roles
but in my case it is not an option.
Regards,
Dariusz Chrząścik
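
Added example (not part of the original message and not Keycloak code): a pre-import check that flags the condition described above, a client whose defaultRoles also appear under roles.client for the same client, and builds the two payloads of the two-run workaround from the PS. The field names follow Keycloak's partial-import JSON; the sample payload and the function names are constructed for illustration.

```python
import copy
import json

# Constructed sample shaped like a partial-import payload; not the realm file from the post.
SAMPLE = json.loads("""
{
  "ifResourceExists": "FAIL",
  "clients": [
    {"clientId": "app-a", "defaultRoles": ["viewer"]},
    {"clientId": "app-b"}
  ],
  "roles": {
    "realm": [{"name": "auditor"}],
    "client": {
      "app-a": [{"name": "viewer"}, {"name": "editor"}],
      "app-b": [{"name": "operator"}]
    }
  }
}
""")


def conflicting_default_roles(rep):
    """Return {clientId: [role names]} for roles listed both in a client's
    defaultRoles and under roles.client for the same client."""
    client_roles = (rep.get("roles") or {}).get("client") or {}
    conflicts = {}
    for client in rep.get("clients") or []:
        cid = client.get("clientId")
        defaults = set(client.get("defaultRoles") or [])
        declared = {r.get("name") for r in client_roles.get(cid, [])}
        overlap = sorted(defaults & declared)
        if overlap:
            conflicts[cid] = overlap
    return conflicts


def split_two_phase(rep):
    """Build the two payloads of the two-run workaround: clients only, then roles only."""
    policy = {k: rep[k] for k in ("ifResourceExists",) if k in rep}
    phase1 = dict(policy, clients=copy.deepcopy(rep.get("clients") or []))
    phase2 = dict(policy, roles=copy.deepcopy(rep.get("roles") or {}))
    return phase1, phase2


if __name__ == "__main__":
    for cid, names in conflicting_default_roles(SAMPLE).items():
        print(f"client {cid}: default roles also declared under roles.client: {names}")
    first, second = split_two_phase(SAMPLE)
    print(json.dumps(first, indent=2), json.dumps(second, indent=2), sep="\n")
```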