For a test environment, I'm running image: quay.io/keycloak/keycloak:${KEYCLOAK_VERSION}
in docker compose and have an init script similar to the following (the container is reinited every time - this is not an upgrade question in that sense):
#!/bin/sh
set -xe
export KEYCLOAK_HOME=/opt/keycloak
PATH="$PATH:$KEYCLOAK_HOME/bin"
cd "$KEYCLOAK_HOME"/bin
REALM=testing
DEFAULT_PASSWORD=admin_password
HOST=keycloak
PORT=8080
./kcadm.sh config credentials \
--server http://$HOST:$PORT \
--realm master \
--user admin \
--password admin
./kcadm.sh create realms -s "realm=$REALM" -s "enabled=true"
ADMIN_UID=$(./kcadm.sh create users -r $REALM -s "username=admin" -i)
./kcadm.sh add-roles -r $REALM --uusername admin --cclientid realm-management --rolename realm-admin
./kcadm.sh update users/"$ADMIN_UID" -r $REALM -s "enabled=true"
./kcadm.sh update users/"$ADMIN_UID"/reset-password -r $REALM -s type=password -s value=$DEFAULT_PASSWORD -n
############################################
# Reconfigure to use the created realm admin
############################################
./kcadm.sh config credentials \
--server http://$HOST:$PORT \
--realm $REALM \
--user admin \
--password $DEFAULT_PASSWORD
# setup roles
# setup users
# setup clients
With KEYCLOAK_VERSION=23.0
this is working as expected, but for KEYCLOAK_VERSION=24.0
I get:
...
keycloak-setup-1 | + ./kcadm.sh config credentials --server http://keycloak:8080 --realm testing --user admin --password admin_password
keycloak-setup-1 | Logging into http://keycloak:8080 as user admin of realm testing
keycloak-1 | 2024-05-24 11:48:34,509 WARN [org.keycloak.events] (executor-thread-1) type="LOGIN_ERROR", realmId="29bee3da-666d-4db5-a16e-558db391412b", clientId="admin-cli", userId="null", ipAddress="10.89.0.173", error="resolve_required_actions", auth_method="openid-connect", grant_type="password", client_auth_method="client-secret", username="admin"
keycloak-setup-1 | Account is not fully set up [invalid_grant]
keycloak-setup-1 exited with code 1
service "keycloak-setup" didn't complete successfully: exit 1
Can someone point me to the actions that are required for keycloak 24, to be able to create and use a user using kcadm.sh? I checked the Release notes for breaking changes, pointing to User Profiles in the upgrade guide. However, I have not been able to locate information relevant for my issue.
When logging in to keycloak, the new user does not have any required actions:
Anyway, I also tried adding -s 'emailVerified=true' -s 'requiredActions=[]'
to the first update users
command above, without any change in the outcome. In case it has to do with the new user profile requirements, I also tried -s 'profileVerified=true'
, but that is not even an accepted attribute :-(
For me it worked by filling email, first name and last name