KC-SERVICES0013: Failed authentication: org.keycloak.storage.ReadOnlyException:

Hi Team,

We have installed Keycloak standalone version 21.1.0 on Windows Server 2019 and configured user federation with Microsoft AD. We are trying to enable Google authentication (CONFIGURE_TOTP) on Keycloak, but Keycloak is trying to write user attributes and action on Microsoft AD LDAP. The Keycloak server gives the error below.

KC-SERVICES0013: Failed authentication: org.keycloak.storage.ReadOnlyException: Not possible to write ‘required action CONFIGURE_TOTP’ when updating user ‘xxxxxx@xxxxxxx.com’.

Along with this, we have added user attributes in Microsoft AD LDAP, and the added new attributes are not visible in Keycloak. So how can the Keycloak write issue be solved?

I don’t know your AD User Federation configuration, but most probably, you have set the “Edit Mode” to READ_ONLY.
To be able to store data in Keycloak, like required actions and other user attributes, you should set it to UNSYNCED.
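
The change suggested above, as an added example that is not part of the original posts and is not Keycloak's own code: Python that reviews user-federation component representations (the JSON shape in which the admin API returns them, with config values as lists of strings) and prepares the READ_ONLY to UNSYNCED update for LDAP providers. The component ids and names are constructed sample data, and the function names are hypothetical.

```python
import copy
import json

# Constructed sample: user-storage provider components in the shape of
# Keycloak's component representation (config values are lists of strings).
SAMPLE_COMPONENTS = json.loads("""
[
  {"id": "constructed-id-1", "name": "corp-ad", "providerId": "ldap",
   "providerType": "org.keycloak.storage.UserStorageProvider",
   "config": {"editMode": ["READ_ONLY"], "vendor": ["ad"]}},
  {"id": "constructed-id-2", "name": "lab-ldap", "providerId": "ldap",
   "providerType": "org.keycloak.storage.UserStorageProvider",
   "config": {"editMode": ["WRITABLE"], "vendor": ["other"]}},
  {"id": "constructed-id-3", "name": "krb", "providerId": "kerberos",
   "providerType": "org.keycloak.storage.UserStorageProvider",
   "config": {}}
]
""")


def edit_mode(component):
    """Return the provider's edit mode, or None if it is not set."""
    values = component.get("config", {}).get("editMode") or [None]
    return values[0]


def plan_unsynced(components):
    """Return updated copies of every READ_ONLY LDAP provider, set to UNSYNCED.

    WRITABLE providers are skipped: they already accept writes, which go to
    LDAP. With UNSYNCED, data such as required actions is kept in Keycloak.
    The input is not modified, so the plan can be reviewed before applying it.
    """
    plan = []
    for comp in components:
        if comp.get("providerId") != "ldap" or edit_mode(comp) != "READ_ONLY":
            continue
        updated = copy.deepcopy(comp)
        updated["config"]["editMode"] = ["UNSYNCED"]
        plan.append(updated)
    return plan


if __name__ == "__main__":
    for comp in plan_unsynced(SAMPLE_COMPONENTS):
        # Each entry is the full representation to send back for that id.
        print(comp["id"], comp["name"], "->", edit_mode(comp))
```
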