[keycloak-dev] Partial import - problem with client's default roles

Dariusz Chrzascik dchrzascik at novomatic-tech.com
Mon Oct 1 11:00:12 EDT 2018


+ realm definition

>>> "Dariusz Chrzascik" <dchrzascik at novomatic-tech.com> 10/01/18 4:58 PM
>>>
Hi,
I've encountered an issue when using the Admin Console's partial import.
I've enclosed a simplified realm configuration that demonstrates the case.
Importing that realm results in an exception:


15:45:43,675 ERROR [org.keycloak.services] (default task-103) KC-SERVICES0038: Error importing roles: org.keycloak.models.ModelDuplicateException
    at org.keycloak.models.jpa.JpaRealmProvider.addClientRole(JpaRealmProvider.java:228)
    at org.keycloak.models.cache.infinispan.RealmCacheSession.addClientRole(RealmCacheSession.java:683)
    at org.keycloak.models.jpa.ClientAdapter.addRole(ClientAdapter.java:626)
    at org.keycloak.models.utils.RepresentationToModel.importRoles(RepresentationToModel.java:504)
    at org.keycloak.partialimport.RolesPartialImport.doImport(RolesPartialImport.java:98)
    at org.keycloak.partialimport.PartialImportManager.saveResources(PartialImportManager.java:77)
    at org.keycloak.services.resources.admin.RealmAdminResource.partialImport(RealmAdminResource.java:1064)


I've observed that it is caused by importing a realm where a client has
roles and some of them are default for that client. This results in
creating a client with default roles first and then creating the roles.
This fails as client creation is accompanied by creating default roles.
Perhaps, it can be solved by making argument "addDefaultRoles" in
RepresentationToModel.createClient configurable from the partialImport.
Currently it is always set to true (see ClientPartialImport.create).

Has anyone encountered that issue, or maybe has a suggestion on how to fix it?

PS:
The workaround is to run partial import twice:
1. for clients only
2. for roles
but in my case it is not an option.

Regards,
Dariusz Chrząścik



CONFIDENTIALITY NOTICE
------------------------------------
This E-mail is intended only to be read or used by the addressee. The
information contained in this E-mail message may be confidential
information. If you are not the intended recipient, any use,
interference with, distribution, disclosure or copying of this material
is unauthorized and prohibited. Confidentiality attached to this
communication is not waived or lost by reason of the mistaken delivery
to you.
If you have received this message in error, please delete it and notify
us by return E-mail or telephone NOVOMATIC Technologies Poland S.A. +48
12 258 00 50. Any E-mail attachment may contain software viruses which
could damage your own computer system. Whilst reasonable precaution has
been taken to minimize this risk, we cannot accept liability for any
damage which you sustain as a result of software viruses. You should
therefore carry out your own virus checks before opening any
attachments.
------------------------------------
NOVOMATIC Technologies Poland S.A., Poland, Krakowska 368, 32-080
Zabierzów






-------------- next part --------------
A non-text attachment was scrubbed...
Name: defaultRolesInClient.json
Type: application/octet-stream
Size: 1256 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-dev/attachments/20181001/43d5738c/attachment.obj 
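
A pre-flight check for the collision described in the message above, as an added example that is not part of the original post or of Keycloak's code: it lists clients whose defaultRoles also appear under roles.client in the same import payload, and separates the payload into the clients-only and roles-only halves of the two-pass workaround. The sample realm is constructed (the scrubbed attachment is not available), and the function names are hypothetical.

```python
import json

# Constructed sample; the attachment defaultRolesInClient.json is not on the page.
SAMPLE_REALM = json.loads("""
{
  "realm": "demo",
  "clients": [
    {"clientId": "app", "defaultRoles": ["user"]},
    {"clientId": "batch"}
  ],
  "roles": {
    "realm": [{"name": "offline"}],
    "client": {
      "app": [{"name": "user"}, {"name": "admin"}],
      "batch": [{"name": "runner"}]
    }
  }
}
""")


def default_role_collisions(realm):
    """Map clientId -> sorted role names that are listed both in the client's
    defaultRoles and under roles.client[clientId] in the same payload."""
    client_roles = (realm.get("roles") or {}).get("client") or {}
    collisions = {}
    for client in realm.get("clients") or []:
        client_id = client.get("clientId")
        defaults = set(client.get("defaultRoles") or [])
        declared = {r.get("name") for r in client_roles.get(client_id) or []}
        overlap = sorted(defaults & declared)
        if overlap:
            collisions[client_id] = overlap
    return collisions


def split_payload(realm):
    """Separate the payload as in the two-pass workaround: clients, then roles."""
    base = {k: v for k, v in realm.items() if k not in ("clients", "roles")}
    return ({**base, "clients": realm.get("clients") or []},
            {**base, "roles": realm.get("roles") or {}})


if __name__ == "__main__":
    for cid, names in default_role_collisions(SAMPLE_REALM).items():
        print(f"client {cid!r}: default roles also declared as client roles: {names}")
```
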

