[keycloak-user] Can't set password when registering a user
Marko Strukelj
mstrukel at redhat.com
Mon May 15 10:50:12 EDT 2017
You need to invoke resetPassword on UserResource, after creating a new user:
https://github.com/keycloak/keycloak/blob/3.1.0.Final/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java#L153-L159
On Mon, May 15, 2017 at 12:01 PM, Scott Finlay <scott.finlay at sixt.com>
wrote:
> Diving into the code, I see this, which seems to be the endpoint for
> creating a user:
>
>
> https://github.com/keycloak/keycloak/blob/2.5.x/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java#L207
>
> This then calls:
> https://github.com/keycloak/keycloak/blob/2.5.x/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java#L244
>
> That seems to just set the basic user data like name, email, enabled, etc.
> Then it sets the "required actions", and then the custom attributes. I see
> nothing regarding credentials there.
>
>
> Is this just hidden away somewhere else, or is it just really missing from
> here?
>
> ________________________________
> From: Scott Finlay
> Sent: Monday, May 15, 2017 11:14:26 AM
> To: Alex Berg
> Cc: keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] Can't set password when registering a user
>
>
> Hmm, that request body doesn't look very different from my example. I've
> tried now removing the additional fields I had and adding the few you have
> and I still get exactly the same outcome: when I try impersonating the user
> in the Keycloak admin panel he has no password set (but he does when I
> explicitly call the reset-password endpoint).
>
>
> Is there some setting/role/permission I'm missing maybe? I'm using version
> 2.5.5.Final.
>
> ________________________________
> From: Alex Berg <chexxor at gmail.com>
> Sent: Friday, May 12, 2017 6:09:59 PM
> To: Scott Finlay
> Cc: keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] Can't set password when registering a user
>
> I do something like that, and it works for me.
>
> The content of my XHR is JSON of this:
>
> { credentials : [
> { type: "password"
> , temporary: false
> , value: regBody.password
> }
> ]
> , email: regBody.email
> , username: regBody.email
> , emailVerified: false
> , enabled: true
> , requiredActions: [ "VERIFY_EMAIL" ]
> }
>
> The created user's ID is available on the "location" response header.
>
> On Fri, May 12, 2017 at 2:27 AM, Scott Finlay <scott.finlay at sixt.com> wrote:
> Hi,
>
> According to the Keycloak admin API documentation:
> http://www.keycloak.org/docs-api/2.5/rest-api/index.html#_create_a_new_user
> -> http://www.keycloak.org/docs-api/2.5/rest-api/index.html#_userrepresentation
> -> http://www.keycloak.org/docs-api/2.5/rest-api/index.html#_credentialrepresentation
>
> We should be able to provide credentials when creating a new user, but
> when I provide credentials it doesn't seem to set the password for the new
> user. Here is what my request looks like:
>
> POST /auth/admin/realms/myrealm/users/
> {"enabled":true,"username":"blah at blop.com","email":"blah at blop.com","firstName":"Blah","lastName":"Blop","attributes":{"userId":["1234"]},"credentials":[{"type":"password","temporary":false,"value":"secr$tP4ssword"}]}
>
> Just as an experiment, I tried passing a single "credential" instead of an
> array of credentials and I got this error back:
>
> internal server error;KeyCloak HTTP Error Response [400]:
> com.fasterxml.jackson.databind.JsonMappingException: Can not deserialize
> instance of java.util.ArrayList out of START_OBJECT token at [Source:
> io.undertow.servlet.spec.ServletInputStreamImpl at 264472bc; line: 1,
> column: 156] (through reference chain:
> org.keycloak.representations.idm.UserRepresentation["credentials"])
>
> So clearly Keycloak is actually parsing this field. Am I doing something
> wrong with this request or is the documentation wrong?
>
> Right now what we've been doing to get around this is registering the user
> and then doing a reset password request after, but this makes the request
> to our service take twice as long. It would be great if we could reduce
> this to a single request.
>
> Regards,
> Scott
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
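The two-step flow this thread settles on (create the user, read its ID from the Location header, then call reset-password), sketched as an added example that is not part of the original messages. The `send` transport and the function names are assumptions made for illustration; the PUT to `.../users/{id}/reset-password` is the REST form of `resetPassword`.

```javascript
// Added example (not from the thread): create the user, then set the password
// with a second call to the reset-password endpoint.
// Assumption: `send` is a caller-supplied transport,
//   async ({ method, path, body }) => ({ status, headers }), header names lower-case.

const ADMIN_BASE = '/auth/admin/realms';

// Pull the new user's ID out of the Location header returned by the create call.
function userIdFromLocation(location) {
  const match = /\/users\/([^/?#]+)\/?$/.exec(location || '');
  if (!match) throw new Error('create-user response had no usable Location header');
  return decodeURIComponent(match[1]);
}

// Build the PUT that sets a permanent (non-temporary) password for an existing user.
function resetPasswordRequest(realm, userId, password) {
  return {
    method: 'PUT',
    path: `${ADMIN_BASE}/${encodeURIComponent(realm)}/users/${encodeURIComponent(userId)}/reset-password`,
    body: { type: 'password', temporary: false, value: password },
  };
}

async function createUserWithPassword(send, realm, user, password) {
  // Step 1: create the user without credentials.
  const created = await send({
    method: 'POST',
    path: `${ADMIN_BASE}/${encodeURIComponent(realm)}/users`,
    body: user,
  });
  if (created.status !== 201) throw new Error(`create failed: HTTP ${created.status}`);
  const userId = userIdFromLocation(created.headers.location);

  // Step 2: set the password. Fail loudly so the caller never assumes a
  // password exists on an account where this call did not succeed.
  const reset = await send(resetPasswordRequest(realm, userId, password));
  if (reset.status < 200 || reset.status >= 300) {
    throw new Error(`user ${userId} created but password not set: HTTP ${reset.status}`);
  }
  return userId;
}
```

If the second call fails, the account exists with no password, so the caller should retry the reset or remove the user rather than report a successful registration.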