Why does Keycloak require upload_scripts to be enabled, when importing realms from a json file?

I’m running Keycloak in docker, and I wanted to have a realm json file to be imported on Keycloak container start up. So, I mounted a dir and provided the json file, which then Keycloak imports.

I define the import file setting the path to it via the KEYCLOAK_IMPORT env var.

This works perfectly, but requires me additionally to set
-Dkeycloak.profile.feature.upload_scripts=enabled via e.g. JAVA_OPTS_APPEND

Why is upload_scripts required, as I think the realm should be imported on init - so nothing to do with actual uploading scripts later on.

What can I do to achieve this without upload_scripts?

Worth reading


For me, I had to remove the default policies, as I had authorization enabled - which in turn added references to JS Authenticators and similar.