Reputation: 1847
I cannot import any realms into Keycloak 18.0.0. That's the Quarkus, and not the Wildfly distribution anymore. Documentation here says it should be pretty simple, and by mounting my exported realm.json file into /opt/keycloak/data/import/...json it actually TRIES to import it, but it ends with: "[org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Script upload is disabled". Known to be removed, and the old -Dkeycloak.profile.feature.upload_scripts=enabled won't work anymore. OK.
But then what's the way to import any realms on startup? That'd be used to distribute a ready-made local stack without any handcrafting needed to launch. I could do it by running SQL commands, but that's way too hacky for my taste.
Compose file:
    cp-keycloak:
      image: quay.io/keycloak/keycloak:18.0.0
      environment:
        KC_DB: mysql
        KC_DB_URL: jdbc:mysql://cp-keycloak-database:3306/keycloak
        KC_DB_USERNAME: root
        KC_DB_PASSWORD: root
        KC_HOSTNAME: localhost
        KEYCLOAK_ADMIN: admin
        KEYCLOAK_ADMIN_PASSWORD: admin
      ports:
        - 8082:8080
      volumes:
        - ./data/local_stack/init.keycloak.json:/opt/keycloak/data/import/main-realm.json:ro
      entrypoint: "/opt/keycloak/bin/kc.sh start-dev --import-realm"
The output:
cp-keycloak_1 | 2022-05-05 14:07:26,801 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (development) mode
cp-keycloak_1 | 2022-05-05 14:07:26,802 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to import realm: Main-Realm
cp-keycloak_1 | 2022-05-05 14:07:26,803 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Script upload is disabled
Thanks
Upvotes: 18
Views: 24265
Reputation: 1397
For me, only changing the js policy to a regex policy for Keycloak 24.0.4 worked, and it is cleaner for this Default Policy IMO.
    {
      "id": "b56eebd7-8e73-4449-b110-30dfdbc77f03",
      "name": "Default Policy",
      "description": "A policy that grants access only for users within this realm",
      "type": "js",
      "logic": "POSITIVE",
      "decisionStrategy": "AFFIRMATIVE",
      "config": {
        "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
      }
    },
for:
    {
      "id": "b56eebd7-8e73-4449-b110-30dfdbc77f03",
      "name": "Default Policy",
      "description": "A policy that grants access only for users within this realm",
      "type": "regex",
      "logic": "POSITIVE",
      "decisionStrategy": "AFFIRMATIVE",
      "config": {
        "targetContextAttributes": "false",
        "pattern": ".*",
        "targetClaim": "sub"
      }
    },
Upvotes: 4
Reputation: 138
In my case it was enough to remove the empty code key from the default policy. Removing the policy as mentioned in the link from @dreamcrash made the import fail since it was required by one of my clients.
Just changed this in the realm-export.json:
    {
      "id": "b56eebd7-8e73-4449-b110-30dfdbc77f03",
      "name": "Default Policy",
      "description": "A policy that grants access only for users within this realm",
      "type": "js",
      "logic": "POSITIVE",
      "decisionStrategy": "AFFIRMATIVE",
      "config": {
        "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
      }
    },
for:
    {
      "id": "b56eebd7-8e73-4449-b110-30dfdbc77f03",
      "name": "Default Policy",
      "description": "A policy that grants access only for users within this realm",
      "type": "js",
      "logic": "POSITIVE",
      "decisionStrategy": "AFFIRMATIVE",
      "config": {}
    },
PS: I'm using Keycloak 20.0.3.
Upvotes: 5
Reputation: 51393
This might be because inside your realm .json there are references to some configuration that uses the deprecated upload script feature.
Try to remove it, export the JSON, and then try to import it again (this time without the upload script feature).
From the comments (credits to jfrantzius):
See here for what you either need to remove or replace in your realm-export.json: https://github.com/keycloak/keycloak/issues/11664#issuecomment-1111062102 . We had to replace the entries, see also here https://github.com/keycloak/keycloak/discussions/12041#discussioncomment-2768768
Upvotes: 21
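An added example, not part of any answer above or of Keycloak itself: a scanner that lists every js policy with embedded code in a realm export before you attempt the import, plus a helper that applies the edit from the 20.0.3 answer. The sample export, the client name and the function names are constructed for illustration.

```python
import copy
import json
import sys

# Constructed sample. The policy mirrors the fragment quoted in the answers;
# its nesting under clients[].authorizationSettings is an assumption, and the
# scan below walks the whole document so it does not rely on that nesting.
SAMPLE_EXPORT = {
    "realm": "Main-Realm",
    "clients": [{
        "clientId": "example-client",  # hypothetical client
        "authorizationSettings": {"policies": [
            {"name": "Default Policy", "type": "js", "logic": "POSITIVE",
             "config": {"code": "$evaluation.grant();\n"}},
            {"name": "Default Permission", "type": "resource",
             "config": {"applyPolicies": "[\"Default Policy\"]"}},
        ]},
    }],
}


def find_inline_js_policies(node, path="$"):
    """Yield (json_path, policy) for each "js" policy that embeds "code"."""
    if isinstance(node, dict):
        config = node.get("config")
        if node.get("type") == "js" and isinstance(config, dict) and "code" in config:
            yield path, node
        for key, value in node.items():
            yield from find_inline_js_policies(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_inline_js_policies(item, f"{path}[{index}]")


def strip_inline_code(export):
    """Return a copy with each embedded "code" key removed (the 20.0.3 answer)."""
    cleaned = copy.deepcopy(export)
    for _, policy in list(find_inline_js_policies(cleaned)):
        del policy["config"]["code"]
    return cleaned


if __name__ == "__main__":
    # Pass a realm export path as the first argument, or scan the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            export = json.load(handle)
    else:
        export = SAMPLE_EXPORT
    for where, policy in find_inline_js_policies(export):
        print(f"{where}: policy {policy.get('name')!r} embeds a script")
```

The policy is edited in place and never deleted, so permissions that reference it by name still resolve, which is the import failure the 20.0.3 answer describes when the policy is removed outright.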