Creating user via API with hashedSaltedValue


I am trying to migrate users from a PostgreSQL table into KeyCloak. I figured it could be possible to create users in KeyCloak using the following REST endpoint: auth/admin/realms/{realm}/users

Currently I am able to create a user if I simply pass in the username. However, I would like to also be able to migrate their credentials, so I pass a JSON to that endpoint that looks something like this:

    "username": "test_user",
    "enabled": true,
    "credentials": [{
        "algorithm": "sha-1",
        "hashedSaltedValue": "4e8dc328ace9d8fd9048c40696461465bf16798b"

When I do this, the request goes through successfully with status code 201. However, I am unable to log in as this user, and if I try to list users either using the REST endpoint or through the admin panel I receive this error {"error":"unknown_error"} I am also unable to get details on this user directly, and I am also unable to delete this user.

Subsequently, I passed in "type" to the credential representation, and this time I was able to access the user through the admin interface, however I am unable to login using the appropriate password.

  1. It would be ideal if a system breaking request would be rejected instead of returning 201.
  2. Currently everything in the credential representation is marked as optional according to this doc ( could this be updated to reflect reality?

Asides from that, could someone tell me how to properly create a new user given the hashedSaltedValue, or otherwise?

Thank you!

1 Like

Hi ASTP001,

From what I gather, its not possible to do that yet with Keycloak. To get around it Iā€™m putting the credentials directly into the CREDENTIAL table after creating the user.



1 Like