[keycloak-user] Fwd: Trying to create a user in a realm I get 405 response
Jorge Morales Pou
jmorales at redhat.com
Thu Jul 5 15:03:48 EDT 2018
It's there, in the headers you can see it set.
The first ansible call uses form-urlencode, but the second, the one
failing, sets the content type as json.
Jorge
Any typo was my phone
El jue., 5 jul. 2018 20:30, Pedro Igor Silva <psilva at redhat.com> escribió:
> What if you set Content-Type: "application/json" to the request
> definition ?
>
> On Thu, Jul 5, 2018 at 2:52 PM, Jorge Morales Pou <jmorales at redhat.com>
> wrote:
>
>> Hi,
>> I'm deploying Che on OpenShift and I was trying to pre-create some users
>> in
>> Keycloak.
>> This Che and Keycloak are deployed using Ansible, and so far so good. I'm
>> using the templates from github.com/eclipse/che.
>>
>> This deployment comes preconfigured with a che realm as well as the
>> ability
>> to change the master realm admin's username and password, which I do, for
>> security reasons, but the che realm don't allow me to change the
>> username/password for the admin, so those default to admin/admin (as of
>> now).
>>
>> The problem comes when I try to create a user via rest.
>>
>> I have the following 2 ansible tasks (they are easily understood):
>>
>> - name: get auth token from keycloak
>> uri:
>> url: http://keycloak-{{ project_name }}.{{ apps_hostname_suffix
>> }}/auth/realms/che/protocol/openid-connect/token
>> method: POST
>> body:
>> "username=admin&password=admin&grant_type=password&client_id=admin-cli
>> "
>> status_code: 200
>> headers:
>> Content-Type: "application/x-www-form-urlencoded"
>> status_code: 200
>> register: access_token_result
>>
>> - set_fact:
>> access_token_bearer: "{{ access_token_result.json |
>> json_query('access_token') }}"
>>
>> - name: Pre-create {{ che_generate_user_count }} users in che realm with
>> format ({{ che_generate_user_format }})
>> uri:
>> url: http://che-{{ project_name }}.{{ apps_hostname_suffix
>> }}/admin/realms/che/users
>> method: POST
>> body: "{{ lookup('template','che-user.json.j2') }}"
>> body_format: json
>> status_code: 204
>> headers:
>> Authorization: "Bearer {{ access_token_bearer }}"
>> vars:
>> username: "{{ item }}"
>> first_name: "User"
>> last_name: "{{ item }}"
>> email: "{{ item }}@none.com"
>> password: "{{ che_generate_user_password }}"
>> with_sequence: start={{ che_generate_user_count|int if
>> che_generate_user_count|int < 1 else 1}} end={{ che_generate_user_count }}
>> format={{ che_generate_user_format }}
>> when: che_generate_user_count|int > 0
>>
>> And the che-user.json that I use for the request is this:
>> {
>> "username": "{{ username }}",
>> "enabled": "true",
>> "firstName": "{{ first_name }}",
>> "lastName": "{{ last_name }}",
>> "email": "{{ email }}",
>> "credentials": [
>> {
>> "type": "password",
>> "value": "{{ password }}"
>> }
>> ]
>> }
>>
>>
>> Everything looks perfectly configured on my end, and I've tried using curl
>> as seen in many documentation to troubleshoot but with same error.
>>
>> I get a 405, POST method not allowed.
>>
>> This is the verbose stack of the request, which has all the valuable info
>> (host-name is changed):
>>
>> ------------------------------------------------
>> failed: [localhost] (item=user1) => {
>> "changed": false,
>> "connection": "close",
>> "content": "<!doctype html><html lang=\"en\"><head><title>HTTP Status
>> 405 – Method Not Allowed</title><style type=\"text/css\">h1
>> {font-family:Tahoma,Arial,sans-serif;color:white;
>> background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,
>> sans-serif;color:white;background-color:#525D76;font-size:16px;} h3
>> {font-family:Tahoma,Arial,sans-serif;color:white;
>> background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,
>> sans-serif;color:black;background-color:white;} b
>> {font-family:Tahoma,Arial,
>> sans-serif;color:white;background-color:#525D76;} p
>>
>> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
>> a {color:black;} a.name {color:black;} .line
>> {height:1px;background-color:#
>> 525D76;border:none;}</style></head><body><h1>HTTP Status 405 – Method Not
>> Allowed</h1><hr class=\"line\" /><p><b>Type</b> Status
>> Report</p><p><b>Message</b> HTTP method POST is not supported by this
>> URL</p><p><b>Description</b> The method received in the request-line is
>> known by the origin server but not supported by the target
>> resource.</p><hr
>> class=\"line\" /><h3>Apache Tomcat/8.5.23</h3></body></html>",
>> "content_language": "en",
>> "content_length": "1117",
>> "content_type": "text/html;charset=utf-8",
>> "date": "Thu, 05 Jul 2018 17:12:32 GMT",
>> "invocation": {
>> "module_args": {
>> "attributes": null,
>> "backup": null,
>> "body": {
>> "credentials": [
>> {
>> "type": "password",
>> "value": "password"
>> }
>> ],
>> "email": "user1 at none.com",
>> "enabled": "true",
>> "firstName": "User",
>> "lastName": "user1",
>> "username": "user1"
>> },
>> "body_format": "json",
>> "client_cert": null,
>> "client_key": null,
>> "content": null,
>> "creates": null,
>> "delimiter": null,
>> "dest": null,
>> "directory_mode": null,
>> "follow": false,
>> "follow_redirects": "safe",
>> "force": false,
>> "force_basic_auth": false,
>> "group": null,
>> "headers": {
>> "Authorization": "Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOi
>> AiSldUIiwia2lkIiA6ICJlMjNGc3kzRlI5dnRUZms3TGlkX1lQOGU0cDNoY0
>> psM20wQTRnckIzNnJJIn0.eyJqdGkiOiIzYjkyZTUxZi1iZTc0LT
>> QwODItYmFjZS01YjAwNTA0MWE2YmIiLCJleHAiOjE1MzA4MTEwNTEsIm5iZi
>> I6MCwiaWF0IjoxNTMwODEwNzUxLCJpc3MiOiJodHRwOi8va2V5Y2xvYWstc3
>> RhcnRlci13b3Jrc2hvcC1hcGItdGVzdC5hcHBzLm9zZXZnLm9wZW5zaGlmdH
>> dvcmtzaG9wLmNvbS9hdXRoL3JlYWxtcy9jaGUiLCJhdWQiOiJhZG1pbi1jbG
>> kiLCJzdWIiOiJiMDdlM2E1OC1lZDUwLTRhNmUtYmUxNy1mY2Y0OWZmOGIyND
>> IiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJhZG1pbi1jbGkiLCJhdXRoX3RpbW
>> UiOjAsInNlc3Npb25fc3RhdGUiOiI1MGRhMGJiNy0zOTc3LTQzMjQtOWY2OS
>> 03NjkzNmEwZGIzMmMiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbXS
>> wicmVzb3VyY2VfYWNjZXNzIjp7fSwibmFtZSI6IkFkbWluIEFkbWluIiwicH
>> JlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJnaXZlbl9uYW1lIjoiQWRtaW
>>
>> 4iLCJmYW1pbHlfbmFtZSI6IkFkbWluIiwiZW1haWwiOiJhZG1pbkBhZG1pbi5jb20ifQ.DTjDZ_
>> Kx9QMDcLqMRtGir5PwzOhXEBc3-jg3vZgToooKfvC1b1Kw1DSHCM1hJuwriw-
>> dBp2dQMAk2CjwwFNNb2lKFVxCGvmk4KQLRG3giv_BHQcoeFZ-Ol7sQJvFL-
>> V-XyAV6KWO9a0WPai6C6hkHw37Ksp_klzk89jAoSSxrtOJ8zUOjzxT_
>> XS99cwj6NYNJnyTczppAMB14Nm8-a9gexDnUqUmOlifFCyH7i2Fyrk2pnT
>>
>> GFEFjB92QCUWJEXpFOKdx9-IGi7y8ywRH7a9R-dcuOb1_Mx6Xbi79qjfow6EKJYDAjNupKOUfOO
>> qNFscgwR6kUdbsEfRr3JCmmTL8cw",
>> "Content-Type": "application/json"
>> },
>> "http_agent": "ansible-httpget",
>> "method": "POST",
>> "mode": null,
>> "owner": null,
>> "regexp": null,
>> "remote_src": null,
>> "removes": null,
>> "return_content": false,
>> "selevel": null,
>> "serole": null,
>> "setype": null,
>> "seuser": null,
>> "src": null,
>> "status_code": [
>> "204"
>> ],
>> "timeout": 30,
>> "unsafe_writes": null,
>> "url": "
>> http://che-starter-workshop-apb-test.apps.mydomain.com/
>> auth/realms/che/users
>> <http://che-starter-workshop-apb-test.apps.mydomain.com/auth/realms/che/users>
>> ",
>> "url_password": null,
>> "url_username": null,
>> "use_proxy": true,
>> "validate_certs": true
>> }
>> },
>> "item": "user1",
>> "msg": "Status code was 405 and not [204]: HTTP Error 405: ",
>> "redirected": false,
>> "set_cookie": "688655d95dc9dee6e6f6057ef3239223=
>> 5aac40b93e1fbe870f8d213baa7a4c7a; path=/; HttpOnly",
>> "status": 405,
>> "url": "http://che-starter-workshop-apb-test.apps.osevg.
>> openshiftworkshop.com/auth/realms/che/users"
>> }
>> ------------------------------------------------
>>
>>
>> Anyone can provide some insight into what I'm doing wrong? Is it the
>> request or is it the che realm configuration
>> <
>> https://github.com/eclipse/che/blob/master/dockerfiles/init/modules/keycloak/templates/che-realm.json.erb
>> >
>> or the client in the realm
>> <
>> https://github.com/eclipse/che/blob/master/dockerfiles/init/modules/keycloak/templates/che-users-0.json.erb
>> >
>> used to get the token?
>>
>> Cheers,
>>
>> *Jorge Morales*
>> Red Hat <https://www.openshift.com/>
>> <https://www.openshift.com/>
>> OpenShift <https://www.openshift.com> Developer Advocate
>>
>> http://jorgemoral.es/
>>
>> | @jorgemoralespou <https://twitter.com/jorgemoralespou>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
More information about the keycloak-user
mailing list