[keycloak-user] create user via java api

John Norris johnnorris-10 at outlook.com
Wed Dec 4 12:01:56 EST 2019


Hello,
I have a spring boot application, using keycloak 6.0.1 for authentication.
I can log on to keycloak admin via a local browser as the "admincloak" user (which is in the master realm) and create users in the "SpringBootKeycloak" realm.
But if I try to create a user within the Spring Boot code, then I get the following error from the Keycloak log:

10:57:33,927 WARN  [org.keycloak.events] (default task-2) type=LOGIN_ERROR,
realmId=SpringBootKeycloak, clientId=bikes-app, userId=null, ipAddress=127.0.0.1,
error=invalid_user_credentials, auth_method=openid-connect, grant_type=password,
client_auth_method=client-secret, username=admincloak

Here is the relevant Java code:

    private static final String SERVER_URL = "http://mint191:8080/auth";
    private static final String REALM = "SpringBootKeycloak";
    private static final String USERNAME = "admincloak";
    private static final String PASSWORD = "123456";
    private static final String CLIENT_ID = "bikes-app";

    private static final String USER_ROLE = "user";

    public static void createKCUser(Owner owner) {

        try {
            Keycloak keycloak = KeycloakBuilder
                    .builder()
                    .serverUrl(SERVER_URL)
                    .realm(REALM)
                    .username(USERNAME)
                    .password(PASSWORD)
                    .clientId(CLIENT_ID)
                    .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build())
                    .build();

            CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
            credentialRepresentation.setType(CredentialRepresentation.PASSWORD);
            credentialRepresentation.setValue("12345678");

            UserRepresentation userRepresentation = new UserRepresentation();
            userRepresentation.setUsername(owner.getUserName());
            userRepresentation.setFirstName(owner.getFirstName());
            userRepresentation.setLastName(owner.getSurName());
            userRepresentation.setEnabled(true);
            userRepresentation.setCredentials(Arrays.asList(credentialRepresentation));
            keycloak.realm(REALM).users().create(userRepresentation);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

The stacktrace has

    javax.ws.rs.ProcessingException: javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized

for the "keycloak.realm(REALM).users().create(userRepresentation);" line.

I have seen in previous posts that
"Make sure that your user has the permissions "manage-users" and "view-realm" from the role "realm-management". Make sure your scopes are defined such that these roles actually are part of your token."

When I go into keycloak admin and look at the admincloak user in the master realm, then the effective roles in the role mappings tab are
admin
create-realm
offline-access
uma_authorization

But I can't see a "realm-management" role in roles in master. I can see the roles "manage-users" and "view-realm" in the client "master-realm" under the roles tab.

So, in summary, I am confused.

Regards,
John


