Error 400 when trying to reset user password on Red Hat SSO 7.3 (Keycloak) with Java API

I’m trying to create a user with a temporary password on Red Hat Single Sign On 7.3 (Keycloak behind the scene) through Java API.

Locally (with standard Keycloak, jboss/keycloak:9.0.0 Docker image), it is working fine. But when deploying the same on Openshift 4.4 project, I get a 400 error from Red Hat SSO (7.3). Unfortunately, I have not so much in the log and I don’t have possibility to configure anything on the Red Hat SSO server for it to be more verbose.

On the Red Hat SSO server, a dedicated “keycloak-admin” client has been created in the application Realm. Client is enabled with only “Service Accounts Enabled” option to ON. In “Service Account Roles”, all roles from “realm-management” have been assigned and are effective.

I’m using this Maven dependency to deal with Keycloak Java API:


Here is how I create connection with Keycloak through Java code:

Keycloak keycloak = KeycloakBuilder.builder()
                new ResteasyClientBuilder()
RealmResource realmResource = keycloak.realm("app_realm");

Client secret set is matching with secret in the “keycloak-admin” client in “Credentials” part.

Here is how I create user through Java code :

final UserRepresentation user = new UserRepresentation();

try {
   final Response response = realmResource.users().create(user);
   final String userId = CreatedResponseUtil.getCreatedId(response);
} catch (final Exception exception) {
   log.error("Exception when createKeycloakUser",exception);

This part is working fine locally and also in Red Hat SSO. User is created and can be retrieved on Keycloak.

Then I try to reset password like this:

final UserResource userResource = realmResource.users().get(userId );

final CredentialRepresentation passwordCred = new CredentialRepresentation();

generateRandomPassword is a method generating a random password which matches with password policies defined on local Keycloak and on Red Hat SSO (Authentication/Password Policy).

This last part of the code is working fine locally but I get the 400 error on Red Hat SSO.

For you to know, I also try to create user with password directly but behavior is exactly the same. I also make a try with a connection to Keycloak using “admin-cli” client and admin account but issue remains.

Thanks in advance for all help or advices you could provide ! I’m stuck on that and have no more idea for now…

For your information, same question was raised on stackoverflow here: