Keycloak Admin Java Adapter 401 Unauthorised despite all roles

Time:04-29

I'm using the Keycloak API but I have the following problem: in "master" I have a realm named "foo" (which appears as a client under the name "foo-realm")

master>foo-realm (foo)

In "foo" I have a client named "client".

In "master" I have a user named "client-admin".

I want to be able to use the API to query and update user info in "client" using "client-admin", which is in "master".

"client-admin" has all roles for "foo-realm" (query-users, manage-realm etc.) and appears in the "users in role" list for "foo-realm".

However I can't make it work with the API:

    import org.keycloak.OAuth2Constants;
    import org.keycloak.admin.client.KeycloakBuilder;

    // Password grant against "master" using the "foo-realm" client, then list users of "foo"
    KeycloakBuilder.builder()
            .serverUrl("serverUrl")
            .realm("master")
            .grantType(OAuth2Constants.PASSWORD)
            .clientId("foo-realm")
            .username("client-admin")
            .password("client-admin-password").build().realm("foo").users().list();

I get javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized from this.

The API is working, as we used to query "client" with a user created directly in "foo" (see the snippet below). But we are having problems with the password update policy, so now we want the user to be in "master". I think I did not do the role attribution right, but I don't understand what's wrong.

    // Working variant: the admin user lives in "foo" itself
    KeycloakBuilder.builder()
            .serverUrl("serverUrl")
            .realm("foo")
            .grantType(OAuth2Constants.PASSWORD)
            .clientId("client-id")
            .clientSecret("client")
            .username("admin-in-foo")
            .password("admin-in-foo-password").build().realm("foo").users().list();

I have also tried this, but I still get a 401 Unauthorized:

    // Also fails: the "master" user "client-admin" does not exist in realm "foo"
    KeycloakBuilder.builder()
            .serverUrl("serverUrl")
            .realm("foo")
            .grantType(OAuth2Constants.PASSWORD)
            .clientId("client")
            .clientSecret("client-secret")
            .username("client-admin")
            .password("client-admin-password").build().realm("foo").users().list();

Any help would be welcome. Thanks for reading.

CodePudding user response:

OK, I found the answer. I had to query the "admin-cli" client in "master", as shown below:

    import org.keycloak.OAuth2Constants;
    import org.keycloak.admin.client.KeycloakBuilder;

    // Token request goes to "master" via "admin-cli"; the resulting client then manages realm "foo"
    KeycloakBuilder.builder()
            .serverUrl("serverUrl")
            .realm("master")
            .grantType(OAuth2Constants.PASSWORD)
            .clientId("admin-cli")
            .username("client-admin")
            .password("client-admin-password").build().realm("foo").users().list();
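The accepted configuration, wrapped in a reusable method as an added example (not code from the question or answer above): it distinguishes a rejected token request (401) from a missing role (403), closes the admin client, and keeps credentials out of the source. It assumes a recent keycloak-admin-client where `Keycloak` is `AutoCloseable`; the environment variable names and the `serverUrl` are placeholders.

```java
import java.util.List;
import javax.ws.rs.NotAuthorizedException;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.representations.idm.UserRepresentation;

public class CrossRealmUserQuery {

    /**
     * Lists the users of targetRealm ("foo") with an admin user that lives in "master".
     * The token request goes to "master" through "admin-cli", the public client Keycloak
     * ships for its admin CLI/console. "foo-realm" is the bearer-only client in "master"
     * that merely holds foo's management roles; bearer-only clients cannot issue tokens,
     * which is why a password grant against "foo-realm" is answered with 401.
     */
    public static List<UserRepresentation> listUsers(String serverUrl, String targetRealm,
                                                     String adminUser, String adminPassword) {
        // Keycloak is AutoCloseable: closing it releases the underlying HTTP client.
        try (Keycloak keycloak = KeycloakBuilder.builder()
                .serverUrl(serverUrl)            // placeholder, e.g. https://sso.example.invalid
                .realm("master")                 // realm that holds the admin user
                .grantType(OAuth2Constants.PASSWORD)
                .clientId("admin-cli")
                .username(adminUser)
                .password(adminPassword)
                .build()) {
            return keycloak.realm(targetRealm).users().list();
        } catch (NotAuthorizedException e) {
            // 401 means the token request itself was refused (wrong client, wrong realm,
            // bad credentials). A user that lacks query-users on foo-realm gets a token
            // but fails the users() call with 403 Forbidden instead.
            throw new IllegalStateException(
                    "token request to master/admin-cli was rejected: " + e.getMessage(), e);
        }
    }

    public static void main(String[] args) {
        // Credentials come from the environment rather than the source; the variable
        // names are placeholders chosen for this example.
        List<UserRepresentation> users = listUsers(
                System.getenv("KEYCLOAK_URL"), "foo",
                System.getenv("KEYCLOAK_ADMIN_USER"), System.getenv("KEYCLOAK_ADMIN_PASSWORD"));
        users.forEach(u -> System.out.println(u.getUsername()));
    }
}
```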