W.K.S

Reputation: 10095

Unable to create a new user using keycloak: 403 unknown_error

This question has been asked before but none of the solutions has worked for me. I've created a bash script to register a new user on my Keycloak server. The bash script is shown below:

#!/bin/sh
# Token request: this goes to the master realm with the admin-cli client credentials.
RESULT=$(curl -s --location --request POST 'http://localhost:8180/auth/realms/master/protocol/openid-connect/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'grant_type=client_credentials' --data-urlencode 'client_id=admin-cli' --data-urlencode 'client_secret=12345678-12a3-1234-bc12-d12345678910')
# jq -r prints the raw string, so no quote stripping (a bash-only expansion that fails under /bin/sh) is needed.
TOKEN=$(echo "$RESULT" | jq -r .access_token)
printf '%s\n\n' "$TOKEN"
# Create the user in the MyMarketplace realm with the token obtained above.
USER=$(curl --location -v --request POST 'http://localhost:8180/auth/admin/realms/MyMarketplace/users' --header 'Content-Type: application/json' --header "Authorization: Bearer $TOKEN" --data-raw '{"enabled":"true", "username":"app-user"}')
echo "$USER"

When I run this script, I keep getting the following output:

HTTP/1.1 403 Forbidden
< Connection: keep-alive
< X-XSS-Protection: 1; mode=block
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Content-Type: application/json
< Content-Length: 25
< Date: Fri, 17 Jul 2020 20:11:40 GMT
< 
{ [25 bytes data]
100    66  100    25  100    41    974   1597 --:--:-- --:--:-- --:--:--  1640
 * Connection #0 to host localhost left intact
{"error":"unknown_error"}

I'm not sure why. Here's what I've tried:

None of these has yielded any results so I've run out of options. I would greatly appreciate it if someone could help me understand what I'm missing.

Upvotes: 5

Views: 5385

Answers (2)

Armin Ghavidel

Reputation: 74

Use http://localhost:8180/auth/realms/MyMarketplace/protocol/openid-connect/token to obtain the access_token, give the admin-cli client the manage-users role from the realm-management client in Service Account Roles, and then call http://localhost:8180/auth/admin/realms/MyMarketplace/users with the access token in the header and "enabled": true, "username": "user" in the body. Make sure your enabled boolean looks like this one and don't use "". I think Keycloak reads your request as a String. I think it will fix your problem.

Upvotes: 4

Jan Garaj

Reputation: 28626

Use and configure admin-cli client as you did, but in MyMarketplace realm. Don't use the master realm.

Upvotes: 1
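Both answers combined into one script, as an added example that is not code from the question or either answer: the token is requested from the MyMarketplace realm rather than master, "enabled" is sent as a JSON boolean, and the HTTP status is read so a 403 is diagnosed instead of being swallowed. It assumes the admin-cli client in MyMarketplace has service accounts enabled and holds the realm-management manage-users role, that the username contains no quotes or backslashes, and that CLIENT_SECRET is an environment variable you export (placeholder, not a value from the page).

```shell
#!/bin/sh
# Added example (not from the question or answers). Assumes admin-cli in the
# MyMarketplace realm has service accounts enabled with the realm-management
# manage-users role, and that CLIENT_SECRET is exported (placeholder here).
set -eu
KEYCLOAK_URL="${KEYCLOAK_URL:-http://localhost:8180/auth}"
REALM="${REALM:-MyMarketplace}"
# Token endpoint of the realm that owns the users, not the master realm.
token_url() {
    printf '%s/realms/%s/protocol/openid-connect/token' "$KEYCLOAK_URL" "$1"
}
# Admin REST endpoint for users in that same realm.
users_url() {
    printf '%s/admin/realms/%s/users' "$KEYCLOAK_URL" "$1"
}

# "enabled" must be an unquoted JSON boolean; username assumed quote-free.
user_payload() {
    printf '{"enabled": true, "username": "%s"}' "$1"
}

# Client-credentials grant; jq -r strips the quotes around the token.
get_token() {
    curl -sS --fail --request POST "$(token_url "$REALM")" \
        --header 'Content-Type: application/x-www-form-urlencoded' \
        --data-urlencode 'grant_type=client_credentials' \
        --data-urlencode 'client_id=admin-cli' \
        --data-urlencode "client_secret=$CLIENT_SECRET" |
        jq -r .access_token
}

# Create the user and return only the HTTP status code.
create_user() {
    curl -sS --output /dev/null --write-out '%{http_code}' \
        --request POST "$(users_url "$REALM")" \
        --header 'Content-Type: application/json' \
        --header "Authorization: Bearer $1" \
        --data-raw "$(user_payload "$2")"
}

# Map the status to a diagnosis; 403 points at missing service-account roles.
explain_status() {
    case "$1" in
        201) echo "created" ;;
        403) echo "forbidden: admin-cli in realm $REALM lacks manage-users" ;;
        *)   echo "unexpected HTTP $1" ;;
    esac
}

[ -z "${CLIENT_SECRET:-}" ] || explain_status "$(create_user "$(get_token)" app-user)"
```

Without CLIENT_SECRET set the script only defines the functions, so it can be sourced and inspected offline; with it set it performs the two requests and prints the diagnosis.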
