Reputation: 93
Failing to create user with password via Keycloak Rest API
I'm trying to migrate users from existing database. Passwords are encrypted with sha512. I use Keycloak 10 with the REST API.
I have read the CredentialRepresentation and y Have try put JSON into the strings for attributes secretData and credentialData.
My post user (with correct Authorization) return "error": "unknown_error".
POST <someDomain>/auth/admin/realms/assure/users
{
"firstName": "test_encrypte",
"lastName":"test_encrypte",
"email":"jeremy.rafflin@mail.fr",
"credentials": [{
"type":"password",
"credentialData" : "{\"value\":\"fdVjg7Ed/dck1eSGobCHG4JtObyE3BNE3xZhCuuJ0PpmGB4d/OO+t0C5PwYhtOnUV++X2Jh0xmNdNu+sTkt4Bw==\",\"salt\":\"98cj35ZuYZR7S6N.MvZ2lA/UYfWAztXfF.nm/hFIQso\"}",
"secretData": "{\"algorithm\":\"sha512\",\"hashIterations\":1}"
}],
"username":"encrypt",
"emailVerified": false,
"enabled": true,
"attributes": {"assureId":"10406440"}
}
I using keycloak standalone.
Upvotes: 3
Views: 3708
Answers (2)
Reputation: 51603
You have some issues with your JSON, first instead of :
"secretData": "{\"algorithm\":\"sha512\",\"hashIterations\":1}"
it is:
"credentialData": "{\"algorithm\":\"sha512\",\"hashIterations\":1}"
as you can check in the Keycloak open source repo.
and instead of
"credentialData" : "{\"value\":\"fdVjg7Ed/dck1eSGobCHG4JtObyE3BNE3xZhCuuJ0PpmGB4d/OO+t0C5PwYhtOnUV++X2Jh0xmNdNu+sTkt4Bw==\",\"salt\":\"98cj35ZuYZR7S6N.MvZ2lA/UYfWAztXfF.nm/hFIQso\"}",
is actually:
"secretData" : "{\"value\":\"fdVjg7Ed/dck1eSGobCHG4JtObyE3BNE3xZhCuuJ0PpmGB4d/OO+t0C5PwYhtOnUV++X2Jh0xmNdNu+sTkt4Bw==\",\"salt\":\"98cj35ZuYZR7S6N.MvZ2lA/UYfWAztXfF.nm/hFIQso\"}",
as you can check in the Keycloak open source repo.
Finally, the salt value has to be base 64 encoded so instead of
98cj35ZuYZR7S6N.MvZ2lA/UYfWAztXfF.nm/hFIQso\
it has to be:
OThjajM1WnVZWlI3UzZOLk12WjJsQS9VWWZXQXp0WGZGLm5tL2hGSVFzbw==
The Json that you are looking for is :
{
"firstName": "test_encrypte",
"lastName": "test_encrypte",
"email": "jeremy.rafflin@ageo.fr",
"credentials": [
{
"type": "password",
"secretData": "{\"value\":\"fdVjg7Ed/dck1eSGobCHG4JtObyE3BNE3xZhCuuJ0PpmGB4d/OO+t0C5PwYhtOnUV++X2Jh0xmNdNu+sTkt4Bw==\",\"salt\":\"OThjajM1WnVZWlI3UzZOLk12WjJsQS9VWWZXQXp0WGZGLm5tL2hGSVFzbw==\"}",
"credentialData": "{\"algorithm\":\"sha512\",\"hashIterations\":1}"
}
],
"username": "encrypt",
"emailVerified": false,
"enabled": true,
"attributes": {
"assureId": "10406440"
}
}
Upvotes: 2
Reputation: 93
For information, I found the problem: these two lines are not identical :
credentialData": "{\"algorithm\":\"sha512\",\"hashIterations\":1}"
"credentialData": "{\"algorithm\":\"sha512\",\"hashIterations\":1}"
If I compare them with Character Code Finder The decimal codes are differents. for exemple my } code is "125, 8203, 8203, 8203, 8203, 8203, 8203, 8203" and your is "125".
PS : sorry for my english, I am french.
@dreamcrash : Thank you for you very much for your time
Upvotes: 0
Related Questions
- Unknown error while creating client using Keycloak REST API
- Keycloak Get Users returns 403 forbidden
- How can I create a user with a password in Keycloak using the REST API?
- How to Create User with REST Post Request in KeyCloak?
- Keycloak API to create users returns a 403 Forbidden
- Can't create Role using Keycloak REST API
- Not able to create user using keycloak api
- Unable to create a new user using keycloak: 403 unknown_error
- Create user in keycloak through keycloak admin client returns IllegalArgumentException
- Unable to set user credential using Keycloak admin api