Getting javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized while trying to create new user in keycloak with spring boot service.
In KeycloakConfig class. it is breaking during creating keycloak instance with HTTP 401 Unauthorized. "message": "javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized",
Am I missing anything? I dont have any extra role configuration in the keycloak client or realm role.
I was thinking to add ".authorization(...) in KeycloakBuilder.builder but I'm not sure what to specify.
public static Keycloak getInstance(User user) { if (keycloak == null) { keycloak = KeycloakBuilder.builder() .serverUrl("") .realm("myrealm") .username(user.getUsername()).password(user.getPassword()) .grantType(OAuth2Constants.PASSWORD) .clientId("myclient") .clientSecret("0a53569564d2a748a0a5482699") .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build()).build(); } return keycloak; }In service class
UsersResource usersResource = KeycloakConfig.getInstance(user).realm("myrealm").users(); CredentialRepresentation credentialRepresentation = createPasswordCredentials(user.getPassword()); UserRepresentation kcUser = new UserRepresentation(); kcUser.setUsername(user.getEmail()); kcUser.setCredentials(Collections.singletonList(credentialRepresentation)); kcUser.setFirstName(user.getFirstName()); kcUser.setLastName(user.getLastName()); kcUser.setEmail(user.getEmail()); kcUser.setEnabled(true); kcUser.setEmailVerified(false); javax.ws.rs.core.Response response = usersResource.create(kcUser); System.out.println("kcUser: " + kcUser.toString()); System.out.printf("Repsonse: %s %s%n", response.getStatus(), response.getStatusInfo());in properties file
keycloak.realm=myrealm
keycloak.auth-server-url=
keycloak.resource=myclient
keycloak.credentials.secret=0a5356444d26a748a0a5482699
keycloak.ssl-required= external
keycloak.use-resource-role-mappings= true
keycloak.bearer-only=true
keycloak.principal-attribute=preferred_username 2 Answers
Due to missing imports I assume that KeycloakBuilder is comming from package org.keycloak.admin.client.KeycloakBuilder
Based on your provided code examples you are trying to instantiate a Keycloak instance with an user you just want to create. That user is lack of the privileges to create a new user.
That said you need to create an Keycloak instance with an user that has admin rights / roles. At least "manage-users, view-clients, view-realm, view-users"
keycloak = KeycloakBuilder.builder() .serverUrl(KEYCLOAK_SERVER_URL) .realm("master") .clientId("admin-cli") .username("admin") .password("admin") .build();With admin access you are able to create users for several realms.
// Create a new user final UserRepresentation newUser = new UserRepresentation(); newUser.setUsername("username"); newUser.setFirstName("fristname"); newUser.setLastName("lastname"); newUser.setEmail(""); newUser.setEnabled(true); // Now you need to get the realm you want the user to add to and the user ressource final UserResource realm = keycloak.realm("nameOfTheRealm").users(); // Create the user for the realm final Response createUserResponse = userRessource.create(newUser); // check response if everything worked as expected Make sure the admin account is created under 'myrealm'. You cannot use the default admin account (master realm) to create the user for 'myrealm'