"Attempt to edit denied attribute" error on user registration with Active Directory federation

I’m currently trying to setup federation with my AD server and I’m getting an error I’m not sure how to fix.

2022-12-01 05:08:50,549 WARN  [org.keycloak.userprofile.validator.ReadOnlyAttributeUnchangedValidator] (executor-thread-25) Attempt to edit denied attribute '(?i:^\QKERBEROS_PRINCIPAL\E$|^\QLDAP_ID\E$|^\QLDAP_ENTRY_DN\E$|^\QCREATED_TIMESTAMP\E$|^\QcreateTimestamp\E$|^\QmodifyTimestamp\E$|^\QuserCertificate\E$|^\Qsaml.persistent.name.id.for.\E.*$|^\QENABLED\E$|^\QEMAIL_VERIFIED\E$|^\QdisabledReason\E$)' of user 'testuser'
2022-12-01 05:08:50,549 WARN  [org.keycloak.userprofile.validator.ReadOnlyAttributeUnchangedValidator] (executor-thread-25) Attempt to edit denied attribute '(?i:^\QKERBEROS_PRINCIPAL\E$|^\QLDAP_ID\E$|^\QLDAP_ENTRY_DN\E$|^\QCREATED_TIMESTAMP\E$|^\QcreateTimestamp\E$|^\QmodifyTimestamp\E$|^\QuserCertificate\E$|^\Qsaml.persistent.name.id.for.\E.*$|^\QENABLED\E$|^\QEMAIL_VERIFIED\E$|^\QdisabledReason\E$)' of user 'testuser'

Any advice on how to resolve this error would be greatly appreciated!

Hi!
I’m following the same way and ran into the same problems. I was getting the same errors when a user opens an account console. I solved this error by setting Audience in Client Scopes - here an example.
But immediately ran into another problem - Error response 403: org.keycloak.services.ForbiddenException.
The next step I added default role “account manage-account” to all users in Realm Settings → User registration. Asign role - Filter by clients - “account manage-account”.

Hi,
I am encountering a similar problem. I have my own custom User SPI (in case this is critical). I have assigned the scope and role as described. I still get the WARNING (even though the user is created).

Any ideas on how we can remove this warning?