Keycloak HTTP 401 Unauthorized while creating new user using spring boot service

Getting javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized while trying to create new user in keycloak with spring boot service.

In KeycloakConfig class. it is breaking during creating keycloak instance with HTTP 401 Unauthorized. "message": "javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized",

Am I missing anything? I dont have any extra role configuration in the keycloak client or realm role.
I was thinking to add ".authorization(...) in KeycloakBuilder.builder but I'm not sure what to specify.

public static Keycloak getInstance(User user) { if (keycloak == null) { keycloak = KeycloakBuilder.builder() .serverUrl("") .realm("myrealm") .username(user.getUsername()).password(user.getPassword()) .grantType(OAuth2Constants.PASSWORD) .clientId("myclient") .clientSecret("0a53569564d2a748a0a5482699") .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build()).build(); } return keycloak; }

In service class

UsersResource usersResource = KeycloakConfig.getInstance(user).realm("myrealm").users(); CredentialRepresentation credentialRepresentation = createPasswordCredentials(user.getPassword()); UserRepresentation kcUser = new UserRepresentation(); kcUser.setUsername(user.getEmail()); kcUser.setCredentials(Collections.singletonList(credentialRepresentation)); kcUser.setFirstName(user.getFirstName()); kcUser.setLastName(user.getLastName()); kcUser.setEmail(user.getEmail()); kcUser.setEnabled(true); kcUser.setEmailVerified(false); javax.ws.rs.core.Response response = usersResource.create(kcUser); System.out.println("kcUser: " + kcUser.toString()); System.out.printf("Repsonse: %s %s%n", response.getStatus(), response.getStatusInfo());

in properties file

keycloak.realm=myrealm
keycloak.auth-server-url=
keycloak.resource=myclient
keycloak.credentials.secret=0a5356444d26a748a0a5482699
keycloak.ssl-required= external
keycloak.use-resource-role-mappings= true
keycloak.bearer-only=true
keycloak.principal-attribute=preferred_username

2 Answers

Due to missing imports I assume that KeycloakBuilder is comming from package org.keycloak.admin.client.KeycloakBuilder

Based on your provided code examples you are trying to instantiate a Keycloak instance with an user you just want to create. That user is lack of the privileges to create a new user.

That said you need to create an Keycloak instance with an user that has admin rights / roles. At least "manage-users, view-clients, view-realm, view-users"

 keycloak = KeycloakBuilder.builder() .serverUrl(KEYCLOAK_SERVER_URL) .realm("master") .clientId("admin-cli") .username("admin") .password("admin") .build();

With admin access you are able to create users for several realms.

// Create a new user final UserRepresentation newUser = new UserRepresentation(); newUser.setUsername("username"); newUser.setFirstName("fristname"); newUser.setLastName("lastname"); newUser.setEmail(""); newUser.setEnabled(true); // Now you need to get the realm you want the user to add to and the user ressource final UserResource realm = keycloak.realm("nameOfTheRealm").users(); // Create the user for the realm final Response createUserResponse = userRessource.create(newUser); // check response if everything worked as expected

Make sure the admin account is created under 'myrealm'. You cannot use the default admin account (master realm) to create the user for 'myrealm'

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like