[keycloak-user] create user via java api

Michal Hajas mhajas at redhat.com
Thu Dec 5 03:02:03 EST 2019


Hello,

A possible problem might be that you are saying the admincloak user is in the
master realm, but in KeycloakBuilder you are using SpringBootKeycloak.
Either you can create the user in the SpringBootKeycloak realm as well and add
the appropriate roles to him, or change the realm to master.

By the way, I am not sure if this will help, but we are using the Admin client
quite a lot in the testsuite, and here is how we are creating it:
https://github.com/keycloak/keycloak/blob/master/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java#L61

Regards,
Michal

On Wed, Dec 4, 2019 at 6:36 PM Tony Harris <Tony.Harris at oneadvanced.com>
wrote:

> If you look under the Users Role mapping tab, and select the client Roles
> for realm-management you will find all the roles there.
>
> -----Original Message-----
> From: keycloak-user-bounces at lists.jboss.org [mailto:
> keycloak-user-bounces at lists.jboss.org] On Behalf Of John Norris
> Sent: 04 December 2019 17:02
> To: keycloak-user at lists.jboss.org
> Subject: [keycloak-user] create user via java api
>
> Hello,
> I have a spring boot application, using keycloak 6.0.1 for authentication.
> I can log on to keycloak admin via a local browser as the "admincloak"
> user (which is in the master realm) and create users in the
> "SpringBootKeycloak" realm.
> But if I try to create a user within the Spring Boot code then I get the
> following error from keycloak log
>
> 10:57:33,927 WARN  [org.keycloak.events] (default task-2)
> type=LOGIN_ERROR, realmId=SpringBootKeycloak, clientId=bikes-app,
> userId=null, ipAddress=127.0.0.1, error=invalid_user_credentials,
> auth_method=openid-connect, grant_type=password,
> client_auth_method=client-secret, username=admincloak
>
> Here is the relevant java code
>
>     private static final String SERVER_URL = "http://mint191:8080/auth";
>     private static final String REALM = "SpringBootKeycloak";
>     private static final String USERNAME = "admincloak";
>     private static final String PASSWORD = "123456";
>     private static final String CLIENT_ID = "bikes-app";
>
>     private static final String USER_ROLE = "user";
>
>     public static void createKCUser(Owner owner) {
>
>         try {
>             Keycloak keycloak = KeycloakBuilder
>                     .builder()
>                     .serverUrl(SERVER_URL)
>                     .realm(REALM)
>                     .username(USERNAME)
>                     .password(PASSWORD)
>                     .clientId(CLIENT_ID)
>                     .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build())
>                     .build();
>
>             CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
>             credentialRepresentation.setType(CredentialRepresentation.PASSWORD);
>             credentialRepresentation.setValue("12345678");
>
>             UserRepresentation userRepresentation = new UserRepresentation();
>             userRepresentation.setUsername(owner.getUserName());
>             userRepresentation.setFirstName(owner.getFirstName());
>             userRepresentation.setLastName(owner.getSurName());
>             userRepresentation.setEnabled(true);
>
>             userRepresentation.setCredentials(Arrays.asList(credentialRepresentation));
>             keycloak.realm(REALM).users().create(userRepresentation);
>
> The stacktrace has
>                 javax.ws.rs.ProcessingException: javax.ws.rs.NotAuthorizedException:
> HTTP 401 Unauthorized for the
> "keycloak.realm(REALM).users().create(userRepresentation);" line
>
> I have seen in previous posts that
> "Make sure that your user has the permissions "manage-users" and
> "view-realm" from the role "realm-management". Make sure your scopes are
> defined such that these roles actually are part of your token."
>
> When I go into keycloak admin and look at the admincloak user in the
> master realm, then the effective roles in the role mappings tab are admin
> create-realm offline-access uma_authorization
>
> But I can't see a "realm-management" role in roles in master. I can see
> the roles "manage-users" and  "view-realm" in the client "master-realm"
> under the roles tab.
>
> So, in summary, I am confused.
>
> Regards,
> John
>
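
Added example, not part of the original thread and not the Keycloak project's code: the admin client authenticates in the realm that holds the admin account (master) and then creates the user in SpringBootKeycloak. It assumes the default `admin-cli` client in master, that admincloak keeps the master `admin` role listed in the post, and a hypothetical `KC_ADMIN_PASSWORD` environment variable in place of a hard-coded password.

```java
import java.net.URI;
import java.util.Collections;
import javax.ws.rs.core.Response;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

public class KeycloakUserProvisioner {
    private static final String SERVER_URL = "http://mint191:8080/auth";
    private static final String AUTH_REALM = "master";                // realm the admin account lives in
    private static final String TARGET_REALM = "SpringBootKeycloak";  // realm the new user is created in
    private static final String ADMIN_CLIENT_ID = "admin-cli";        // assumption: default client in master

    public static URI createUser(String username, String firstName, String lastName,
                                 String initialPassword) {
        // Assumption: KC_ADMIN_PASSWORD is a hypothetical variable name, not from the thread.
        String adminPassword = System.getenv("KC_ADMIN_PASSWORD");
        if (adminPassword == null || adminPassword.isEmpty()) {
            throw new IllegalStateException("KC_ADMIN_PASSWORD is not set");
        }
        // The token is requested from AUTH_REALM, where admincloak exists.
        Keycloak keycloak = KeycloakBuilder.builder()
                .serverUrl(SERVER_URL)
                .realm(AUTH_REALM)
                .username("admincloak")
                .password(adminPassword)
                .clientId(ADMIN_CLIENT_ID)
                .build();
        try {
            CredentialRepresentation credential = new CredentialRepresentation();
            credential.setType(CredentialRepresentation.PASSWORD);
            credential.setValue(initialPassword);
            credential.setTemporary(true); // user must change it at first login

            UserRepresentation user = new UserRepresentation();
            user.setUsername(username);
            user.setFirstName(firstName);
            user.setLastName(lastName);
            user.setEnabled(true);
            user.setCredentials(Collections.singletonList(credential));

            // The admin call itself targets TARGET_REALM, not the login realm.
            Response response = keycloak.realm(TARGET_REALM).users().create(user);
            try {
                if (response.getStatus() != Response.Status.CREATED.getStatusCode()) {
                    throw new IllegalStateException("User creation failed: HTTP " + response.getStatus());
                }
                return response.getLocation(); // URI of the new user resource
            } finally {
                response.close();
            }
        } finally {
            keycloak.close();
        }
    }
}
```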

