`unknown_error` response when trying to create a user


Wim Deblauwe

Apr 14, 2020, 5:03:20 PM
to Keycloak User
Hi,

I am trying to write an integration test for Keycloak using testcontainers-keycloak[1].

I am using keycloak-admin-client to communicate from my Spring Boot application to Keycloak. I created a new client in my realm (e.g. `application-realm`) called `app-backend-service` and configured "Service Accounts Enabled" and a client-secret. In the "Scope" tab, I selected "realm-management" in the "Client Roles" and assigned all available roles.

I am able to create a new user in Keycloak with my actual (Spring Boot) application talking to Keycloak (version 9.0.0) running in a Docker container. However, when trying to do the same in my integration test, I get a FORBIDDEN status with the following response:

{"error":"unknown_error"}

My realm is set up by importing a realm export.

I do notice that when I do this:

    // Log in to the master realm as the container's admin user
    Keycloak keycloakAdminClient = KeycloakBuilder.builder()
            .serverUrl(KEYCLOAK_CONTAINER.getAuthServerUrl())
            .realm("master")
            .clientId("admin-cli")
            .username(KEYCLOAK_CONTAINER.getAdminUsername())
            .password(KEYCLOAK_CONTAINER.getAdminPassword())
            .build();
    RealmResource realm = keycloakAdminClient.realm("private-drivers");
    RealmRepresentation realmRepresentation = realm.toRepresentation();
    System.out.println("realmRepresentation = " + realmRepresentation);
    // Look up the service-account client and print the secret it reports
    ClientsResource clients = realm.clients();
    List<ClientRepresentation> byClientId = clients.findByClientId("private-drivers-backend-service");
    ClientRepresentation clientRepresentation = byClientId.get(0);
    System.out.println("secret = " + clientRepresentation.getSecret());


Then the secret that is printed is `null`. I see in the realm-export.json that the secret is in the file as:

"secret": "**********"

Is it normal that there are all these asterisks there?

I also tried to update the client secret using the admin client at the beginning of the unit test like this (using the above keycloakAdminClient):

    String secret = UUID.randomUUID().toString();
    clientRepresentation.setSecret(secret);
    clients.get(clientRepresentation.getId()).update(clientRepresentation);

But that does not seem to change anything.

I have enabled DEBUG and even TRACE logging in the container, but there is no stack trace there.

What else could I try to debug this further?

regards,

Wim

Wim Deblauwe

Apr 15, 2020, 8:50:13 AM
to Keycloak User
I found a solution myself. I was using Keycloak 9.0.0 and exported the realm.json from the UI. However, due to https://github.com/keycloak/keycloak/pull/6313 (fixed in 9.0.1) this did not include the service account roles. I have now tested with Keycloak 9.0.3 with a new export and things are working fine now.

regards,

Wim
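
Added example, not part of the original posts: a pre-flight check that can be run over a realm export before a test imports it. It flags the two things this thread ran into, a client secret exported as asterisks and a service-account client with no role mappings in the file. It assumes the export layout in which service-account users appear under `users` with `serviceAccountClientId` and `clientRoles`; the `reporting-service` client and all sample values are constructed.

```python
import json

# Constructed sample export (not from the thread): one client whose secret is
# masked and whose service-account user is absent, and one complete client.
SAMPLE_EXPORT = json.loads("""
{
  "realm": "application-realm",
  "clients": [
    {"clientId": "app-backend-service", "serviceAccountsEnabled": true,
     "secret": "**********"},
    {"clientId": "reporting-service", "serviceAccountsEnabled": true,
     "secret": "constructed-test-secret"}
  ],
  "users": [
    {"username": "service-account-reporting-service",
     "serviceAccountClientId": "reporting-service",
     "clientRoles": {"realm-management": ["manage-users"]}}
  ]
}
""")


def check_export(realm, role_client="realm-management"):
    """Return (clientId, problem) pairs for service-account clients."""
    # Index service-account users by the client they belong to (assumed layout).
    sa_users = {u["serviceAccountClientId"]: u
                for u in realm.get("users", [])
                if u.get("serviceAccountClientId")}
    findings = []
    for client in realm.get("clients", []):
        if not client.get("serviceAccountsEnabled"):
            continue
        cid = client["clientId"]
        secret = client.get("secret")
        # A value made only of '*' is the masked placeholder, not a usable secret.
        if not secret or set(secret) == {"*"}:
            findings.append((cid, "secret missing or masked"))
        user = sa_users.get(cid)
        if user is None:
            findings.append((cid, "no service-account user in export"))
        elif not user.get("clientRoles", {}).get(role_client):
            findings.append((cid, f"no {role_client} roles on service account"))
    return findings


if __name__ == "__main__":
    for cid, problem in check_export(SAMPLE_EXPORT):
        print(f"{cid}: {problem}")
```
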
