Keycloak 17 : upgrade : 401 when using KeyCloakAdmin to get list of realms

jeffreyporter · February 21, 2022, 12:46pm

I’m using keycloak-admin-client-17.0.0.jar and the org.keycloak.admin.client.Keycloak class.

In version 16 I was able to use this code to get back the list of realms.

In 17 I get following stack trace.

CODE

Optional<RealmRepresentation> representationOptional = keycloakAdmin.realms().findAll().stream() .filter(r -> r.getRealm().equals(COMPANY_SERVICE_REALM_NAME)).findAny();

STACK TRACE

Caused by: javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized
	at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.handleErrorStatus(ClientInvocation.java:222) ~[resteasy-client-3.13.2.Final.jar:3.13.2.Final]
	at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.extractResult(ClientInvocation.java:196) ~[resteasy-client-3.13.2.Final.jar:3.13.2.Final]
	at org.jboss.resteasy.client.jaxrs.internal.proxy.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:62) ~[resteasy-client-3.13.2.Final.jar:3.13.2.Final]
	at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invokeSync(ClientInvoker.java:151) ~[resteasy-client-3.13.2.Final.jar:3.13.2.Final]
	at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:112) ~[resteasy-client-3.13.2.Final.jar:3.13.2.Final]
	at org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76) ~[resteasy-client-3.13.2.Final.jar:3.13.2.Final]
	at com.sun.proxy.$Proxy138.grantToken(Unknown Source) ~[na:na]
	at org.keycloak.admin.client.token.TokenManager.grantToken(TokenManager.java:90) ~[keycloak-admin-client-17.0.0.jar:17.0.0]
	at org.keycloak.admin.client.token.TokenManager.getAccessToken(TokenManager.java:70) ~[keycloak-admin-client-17.0.0.jar:17.0.0]
	at org.keycloak.admin.client.token.TokenManager.getAccessTokenString(TokenManager.java:65) ~[keycloak-admin-client-17.0.0.jar:17.0.0]
	at org.keycloak.admin.client.resource.BearerAuthFilter.filter(BearerAuthFilter.java:52) ~[keycloak-admin-client-17.0.0.jar:17.0.0]
	at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.filterRequest(ClientInvocation.java:579) ~[resteasy-client-3.13.2.Final.jar:3.13.2.Final]
	... 12 common frames omitted

I can see the code comes down to this section…

tokenService.grantToken(config.getRealm(), form.asMap());

The params passed in look correct. ‘master’ for the realm, the map contains the same as I had in 16.

(This is a test, so the password and username are as expected)

I presume there must be a setting on the Master realm to allow a Service type account, or something else I’m missing that was enabled in 16, but is not in 17.

Can someone help?

Topic		Replies	Views
Keycloak Admin Client in Spring Boot	6	31764	June 18, 2021
Keycloak admin api	0	433	November 9, 2020
Cannot retrieve realm keys with Spring Boot client Securing applications	3	4006	August 19, 2021
Operations using java keycloak admin client results in 404 error	0	424	January 20, 2023
Create User with Keycloak rest API Getting advice	5	7320	March 28, 2023

Keycloak 17 : upgrade : 401 when using KeyCloakAdmin to get list of realms

Related Topics