jeremy.raf

Reputation: 93

Failing to create user with password via Keycloak Rest API

I'm trying to migrate users from an existing database. Passwords are encrypted with sha512. I use Keycloak 10 with the REST API.

I have read the CredentialRepresentation and I have tried putting JSON into the strings for the secretData and credentialData attributes.

My POST of the user (with correct Authorization) returns "error": "unknown_error".

POST <someDomain>/auth/admin/realms/assure/users
{
  "firstName": "test_encrypte",
  "lastName": "test_encrypte",
  "email": "[email protected]",
  "credentials": [{
    "type": "password",
    "credentialData": "{\"value\":\"fdVjg7Ed/dck1eSGobCHG4JtObyE3BNE3xZhCuuJ0PpmGB4d/OO+t0C5PwYhtOnUV++X2Jh0xmNdNu+sTkt4Bw==\",\"salt\":\"98cj35ZuYZR7S6N.MvZ2lA/UYfWAztXfF.nm/hFIQso\"}",
    "secretData": "{\"algorithm\":\"sha512\",\"hashIterations\":1}"
  }],
  "username": "encrypt",
  "emailVerified": false,
  "enabled": true,
  "attributes": {"assureId": "10406440"}
}

I am using Keycloak standalone.

My request

Upvotes: 3

Views: 3706

Answers (2)

dreamcrash

Reputation: 51553

You have some issues with your JSON. First, instead of:

"secretData": "{\"algorithm\":\"sha512\",\"hashIterations\":1}"

it is:

"credentialData": "{\"algorithm\":\"sha512\",\"hashIterations\":1}"

as you can check in the Keycloak open source repo.

and instead of

"credentialData" : "{\"value\":\"fdVjg7Ed/dck1eSGobCHG4JtObyE3BNE3xZhCuuJ0PpmGB4d/OO+t0C5PwYhtOnUV++X2Jh0xmNdNu+sTkt4Bw==\",\"salt\":\"98cj35ZuYZR7S6N.MvZ2lA/UYfWAztXfF.nm/hFIQso\"}",

is actually:

"secretData" : "{\"value\":\"fdVjg7Ed/dck1eSGobCHG4JtObyE3BNE3xZhCuuJ0PpmGB4d/OO+t0C5PwYhtOnUV++X2Jh0xmNdNu+sTkt4Bw==\",\"salt\":\"98cj35ZuYZR7S6N.MvZ2lA/UYfWAztXfF.nm/hFIQso\"}",

as you can check in the Keycloak open source repo.

Finally, the salt value has to be base64-encoded, so instead of

98cj35ZuYZR7S6N.MvZ2lA/UYfWAztXfF.nm/hFIQso

it has to be:

OThjajM1WnVZWlI3UzZOLk12WjJsQS9VWWZXQXp0WGZGLm5tL2hGSVFzbw==

The JSON that you are looking for is:

{
  "firstName": "test_encrypte",
  "lastName": "test_encrypte",
  "email": "[email protected]",
  "credentials": [
    {
      "type": "password",
      "secretData": "{\"value\":\"fdVjg7Ed/dck1eSGobCHG4JtObyE3BNE3xZhCuuJ0PpmGB4d/OO+t0C5PwYhtOnUV++X2Jh0xmNdNu+sTkt4Bw==\",\"salt\":\"OThjajM1WnVZWlI3UzZOLk12WjJsQS9VWWZXQXp0WGZGLm5tL2hGSVFzbw==\"}",
      "credentialData": "{\"algorithm\":\"sha512\",\"hashIterations\":1}"
    }
  ],
  "username": "encrypt",
  "emailVerified": false,
  "enabled": true,
  "attributes": {
    "assureId": "10406440"
  }
}

Upvotes: 2

jeremy.raf

Reputation: 93

For information, I found the problem: these two lines are not identical:

credentialData": "{​​​​​​​\"algorithm\":\"sha512\",\"hashIterations\":1}​​​​​​​"

"credentialData": "{\"algorithm\":\"sha512\",\"hashIterations\":1}"

If I compare them with Character Code Finder, the decimal codes are different. For example, my } code is "125, 8203, 8203, 8203, 8203, 8203, 8203, 8203" and yours is "125".

PS: sorry for my English, I am French.

@dreamcrash: Thank you very much for your time.

Upvotes: 0
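Both fixes on this page (the accepted answer's swap of secretData/credentialData plus base64 salt, and the asker's own finding that invisible U+200B characters, decimal 8203, had been pasted into the inner JSON) can be checked before the request ever reaches Keycloak. The following is an added example, not code from the original post or from the Keycloak project: it builds the CredentialRepresentation the answer describes, scans the inner JSON strings for Unicode format characters such as ZERO WIDTH SPACE, and flags swapped fields. The hash and salt are the question's own values reused as constructed sample data, the e-mail address and the KEYCLOAK_URL/KEYCLOAK_TOKEN environment variables are assumptions, and the "sha512" algorithm id is taken from the question: Keycloak only accepts it if a password hash provider with that id is deployed in the realm, which the page does not show.

```python
import base64
import json
import os
import unicodedata
import urllib.request

# Constructed sample values, not real credentials: the hash/salt pair from the
# question is reused as stand-in data for one legacy SHA-512 record.
LEGACY_HASH_B64 = "fdVjg7Ed/dck1eSGobCHG4JtObyE3BNE3xZhCuuJ0PpmGB4d/OO+t0C5PwYhtOnUV++X2Jh0xmNdNu+sTkt4Bw=="
LEGACY_SALT = "98cj35ZuYZR7S6N.MvZ2lA/UYfWAztXfF.nm/hFIQso"


def build_password_credential(hash_b64, salt_text, algorithm, iterations):
    """Build one CredentialRepresentation for an imported password hash.

    secretData and credentialData are *strings that contain JSON*, so each inner
    object is serialised with json.dumps instead of being nested as an object.
    The salt is base64-encoded; encoding the legacy salt's UTF-8 bytes mirrors
    the accepted answer (assumption: the legacy hash used those bytes as salt).
    `algorithm` must equal the id of a password hash provider deployed in the
    target Keycloak; "sha512" is the question's value and is not verified here.
    """
    salt_b64 = base64.b64encode(salt_text.encode("utf-8")).decode("ascii")
    secret = {"value": hash_b64, "salt": salt_b64}
    data = {"algorithm": algorithm, "hashIterations": iterations}
    return {
        "type": "password",
        "secretData": json.dumps(secret, separators=(",", ":")),
        "credentialData": json.dumps(data, separators=(",", ":")),
    }


def parse_credential(cred):
    """Decode the two inner JSON strings; returns (secretData dict, credentialData dict)."""
    return json.loads(cred["secretData"]), json.loads(cred["credentialData"])


def build_user_payload(username, email, first_name, last_name, credential, attributes):
    """Assemble the UserRepresentation body for POST /admin/realms/{realm}/users.

    Attribute values are lists of strings, the form the admin API documents.
    """
    return {
        "username": username,
        "email": email,
        "firstName": first_name,
        "lastName": last_name,
        "enabled": True,
        "emailVerified": False,
        "credentials": [credential],
        "attributes": attributes,
    }


def find_invisible_chars(text):
    """Return (offset, 'U+XXXX') for every Unicode format (Cf) character.

    U+200B ZERO WIDTH SPACE (decimal 8203, the value the asker saw) renders as
    nothing in an editor but is not JSON whitespace, so a strict parser rejects it.
    """
    return [(i, "U+%04X" % ord(ch)) for i, ch in enumerate(text)
            if unicodedata.category(ch) == "Cf"]


def strip_invisible_chars(text):
    """Remove format (Cf) characters so the inner JSON parses again."""
    return "".join(ch for ch in text if unicodedata.category(ch) != "Cf")


def validate_credential(cred):
    """Return a list of problems found in a password CredentialRepresentation.

    Catches both mistakes on this page: inner JSON that does not parse (for
    example because of zero-width spaces) and secretData/credentialData swapped.
    """
    problems = []
    parsed = {}
    for field in ("secretData", "credentialData"):
        raw = cred.get(field)
        if not isinstance(raw, str):
            problems.append("%s must be a string containing JSON" % field)
            continue
        hidden = find_invisible_chars(raw)
        if hidden:
            problems.append("%s contains invisible characters at %s" % (field, hidden))
        try:
            parsed[field] = json.loads(raw)
        except json.JSONDecodeError as exc:
            problems.append("%s does not parse as JSON: %s" % (field, exc.msg))
    if "salt" in parsed.get("credentialData", {}) or "algorithm" in parsed.get("secretData", {}):
        problems.append("secretData and credentialData look swapped: value/salt belong in "
                        "secretData, algorithm/hashIterations in credentialData")
    return problems


def post_user(base_url, realm, token, payload):
    """POST the user to the admin REST API with a bearer token; returns the HTTP status."""
    req = urllib.request.Request(
        "%s/auth/admin/realms/%s/users" % (base_url.rstrip("/"), realm),
        data=json.dumps(payload).encode("utf-8"),
        headers={"Authorization": "Bearer " + token, "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return resp.status


if __name__ == "__main__":
    cred = build_password_credential(LEGACY_HASH_B64, LEGACY_SALT, "sha512", 1)
    # Assumed e-mail address; the page elides the real one.
    user = build_user_payload("encrypt", "encrypt@example.com", "test_encrypte",
                              "test_encrypte", cred, {"assureId": ["10406440"]})
    print("problems:", validate_credential(cred))
    # Only contacts a server when these assumed environment variables are set.
    if os.environ.get("KEYCLOAK_URL") and os.environ.get("KEYCLOAK_TOKEN"):
        print(post_user(os.environ["KEYCLOAK_URL"], "assure", os.environ["KEYCLOAK_TOKEN"], user))
```

Run validate_credential on every record before the migration loop: a 201 from Keycloak only tells you the outer JSON was accepted, while a zero-width character inside secretData or credentialData surfaces as the opaque "unknown_error" seen in the question. Scanning for category Cf rather than for U+200B alone also catches the other invisible format characters (U+200C, U+200D, U+FEFF) that copy-paste from rich editors tends to introduce.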
