gcdevs


401 when accessing newly created realm in Keycloak

I have an installation service so I can programmatically create a new tenant which includes setting up a Keycloak Realm.

In order to do this, I am using the Keycloak.Net.Core library and I have written the following code:

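/// <summary>
/// Provisions Keycloak for a new tenant in three steps: imports a realm, creates the
/// organization's initial user in that realm, then registers the "dronenet" client.
/// </summary>
/// <param name="realmIdentifier">Name of the realm to create.</param>
/// <param name="createOrganizationRequest">
/// Supplies the initial user's username, e-mail, password and the owner's display name.
/// </param>
/// <exception cref="KeycloakRealmImportFailedException">The realm import failed or threw.</exception>
/// <exception cref="KeycloakCreateUserFailedException">The user creation failed or threw.</exception>
/// <exception cref="KeycloakCreateClientFailedException">The client creation failed or threw.</exception>
/// <remarks>
/// The steps are not transactional: nothing here removes the realm (or user) created by an
/// earlier step when a later step fails, so a failed run can leave a partially set-up realm.
/// </remarks>
public async Task InstallKeycloakRealmAsync(string realmIdentifier, CreateOrganizationRequest createOrganizationRequest)
{
    // Admin credentials come from the environment rather than source code.
    // NOTE(review): an account with access to every realm is a high-value secret for an
    // installation service to hold; a dedicated account limited to what provisioning needs
    // would reduce the impact of a compromise - confirm what the deployment allows.
    var client = new KeycloakClient("https://auth.dronenet.ai", Environment.GetEnvironmentVariable("DRONENET_KEYCLOAK_USERNAME"), Environment.GetEnvironmentVariable("DRONENET_KEYCLOAK_PASSWORD"));
    var realm = new Realm
    {
        Enabled = true,
        EditUsernameAllowed = true,
        RememberMe = true,
        ResetPasswordAllowed = true,
        _Realm = realmIdentifier,
        UserManagedAccessAllowed = true
    };

    try
    {
        // The import is issued against "master"; the new realm's name travels in the payload.
        var succeeded = await client.ImportRealmAsync("master", realm);

        if (!succeeded)
        {
            throw new KeycloakRealmImportFailedException(realmIdentifier);
        }
    }
    catch (Exception ex)
    {
        // This also catches the exception thrown just above, so a "false" result is logged
        // too. The underlying exception is only logged; it is not attached to the rethrown one.
        _logger.LogError(ex, "Failed to create keycloak realm.");
        throw new KeycloakRealmImportFailedException(realmIdentifier);
    }

    try
    {
        // Split the display name into "first token" and "everything after it" so that
        // multi-part surnames are kept whole and repeated spaces do not yield empty names.
        var ownerName = createOrganizationRequest.Contacts.Owner.Name;
        var nameParts = ownerName.Split(" ", 2, StringSplitOptions.RemoveEmptyEntries);

        // NOTE(review): this call targets the newly created realm, while the admin
        // credentials belong to the master realm. If the client library requests its token
        // from the realm named in the call, or reuses a token issued before the realm
        // existed, the server can answer 401 - confirm which realm the library
        // authenticates against and whether a fresh token is needed after the import.
        var createUserSucceeded = await client.CreateUserAsync(realm._Realm, new User
        {
            UserName = createOrganizationRequest.Credentials.Username,
            Email = createOrganizationRequest.Credentials.Email,
            // The account is created disabled; nothing in this method enables it.
            Enabled = false,
            FirstName = nameParts.Length > 0 ? nameParts[0] : string.Empty,
            LastName = nameParts.Length > 1 ? nameParts[1].Trim() : null,
            Credentials = new[]
            {
                new Credentials
                {
                    Type = "password",
                    // NOTE(review): the caller-supplied password is stored as a permanent
                    // credential (Temporary = false). Make sure the request object and any
                    // HTTP error details are never written to logs with this value in them.
                    Value = createOrganizationRequest.Credentials.Password,
                    Temporary = false
                }
            }
        });

        if (!createUserSucceeded)
        {
            throw new KeycloakCreateUserFailedException(realm._Realm,
                createOrganizationRequest.Credentials.Username);
        }
    }
    catch (Exception ex)
    {
        // Any failure in this step, including a missing field on the request, is logged
        // and reported as a user-creation failure.
        _logger.LogError(ex, "Failed to create keycloak user.");
        throw new KeycloakCreateUserFailedException(realm._Realm,
            createOrganizationRequest.Credentials.Username);
    }

    try
    {
        var createClientSucceeded = await client.CreateClientAsync(realmIdentifier, new Client
        {
            Enabled = true,
            Name = "dronenet",
            ClientId = "dronenet",
            // NOTE(review): the plain-http localhost redirect URIs are registered for every
            // tenant realm this method creates; consider limiting them to development setups.
            RedirectUris = new[] {"http://localhost:8080", "http://localhost:8081", "https://dronenet.ai"},
            // NOTE(review): "*" allows cross-origin requests from any site. Listing the real
            // origins (Keycloak also accepts "+" to mirror the redirect URI origins) is the
            // tighter setting - left unchanged here because it alters client behaviour.
            WebOrigins = new[] {"*"}
        });

        if (!createClientSucceeded)
        {
            throw new KeycloakCreateClientFailedException(realmIdentifier);
        }
    }
    catch (Exception ex)
    {
        _logger.LogError(ex, "Failed to create keycloak client.");
        throw new KeycloakCreateClientFailedException(realmIdentifier);
    }
}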

The realm is created successfully; however, the creation of the user fails with a 401 Unauthorized, which I don't expect, because I am authenticating with the main account that has access to all of the realms. I suspect the scope granted through the API is insufficient compared to what you get through the admin UI panel, but I don't know how to gain access to the new realm to set up the user and client, since I am unable to create a new user that would have sufficient access. I have also tried changing my account settings, without success.

Any ideas?
