19

I am trying to get the REST API of keycloak to work.

Thanks to this post I was able to get the token. But when trying the example for the list of users in the first answer, I get the error:

"error": "RESTEASY003210: Could not find resource for full path: http://PATHTOCEAKLOAK:81/auth/user/realms/master/users"

Here my request with Postman:

enter image description here

As I am using a Bitnami-container the admin is called user that's why I am using /auth/user/ instead of /auth/admin/

flololan
  • 373
  • 1
  • 2
  • 13
  • 2
    Is the "serviceAccountsEnabled" activated on your client ? – TacheDeChoco Jan 04 '22 at 17:06
  • 1
    Also make sure your "user" has sufficient privilege to manage realm users. – TacheDeChoco Jan 04 '22 at 17:12
  • Thanks, I changed the access type for "admin-cli" to confidential and was now able to activate the option "SeviceAccountsEnabled". In Role Mapping for "user" it already had admin, just to try I added the other available roles (create-realm, uma_authorization, offline_access) but I still get the same error. I really appreciate your help. – flololan Jan 04 '22 at 18:05

5 Answers5

68

For those who are still facing this error and using 17.0+ version of Keycloak, there's a change in endpoints as per the official documentation. I resolved this issue by just using {realm}/user and omitting /auth in between.

Akanksha_p
  • 916
  • 12
  • 20
  • 1
    do you know how to make keycloak to respond to /auth/* path anyway? I'm forced to have this path for backward compartibility – Kostanos May 26 '22 at 19:22
  • 3
    @Kostanos set `KC_HTTP_RELAITVE_PATH=/auth` to have it behave the same way it did on the old wildfly distribution. While switching from wildfly to quarkus, we decided to not use the old "auth" basepath, but use "/" instead, as it is more clean, and allow to use "/" optionally to keep it backwards compatible. See e.g. https://www.keycloak.org/server/all-config?q=relative - you have to run a build for this to take effect, so either use an optimized docker image (see container guide) or use the `--auto-build` flag. Or, when onprem/not containerized, run a `build` command first with the cmd. – Dominik May 30 '22 at 20:56
  • Hi thanks @Akansha_p but how the resulting path will appear then? in this case? – buddhiv Jun 17 '22 at 21:57
  • @buddhiv, as per the question, flololan is trying to get list of all users. And based on the documentation, we need to use ```GET /{realm}/users``` as the endpoint, So, the url should look like ```http://PATHTOCEAKLOAK:81/{your_realm_name}/users``` – Akanksha_p Jun 19 '22 at 06:53
  • thanks. but the working path for me was `http://{domain}/realms/{realm}/protocol/openid-connect/userinfo`. :) – buddhiv Jun 19 '22 at 14:30
12

In addition to @Akanksha_p's answer, here is a command to get the token using curl:

curl -k -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=your-client" -d "username=some-user" -d "password=hardpassword" -d "grant_type=password" -X POST https://your.fqdn.server:8443/realms/yourrealm/protocol/openid-connect/token
Miguel
  • 121
  • 1
  • 3
1

I was actually working on the same and using docker image of bitnami/keycloak:latest

it worked with just removing /auth from base path and keeping it as /admin

something like this (GET http://localhost:8085/admin/realms/test-realm/users)

enter image description here

Sainandan Pai
  • 11
  • 2
1

If you want to know wich url are available on your current realm you can go in Realm -> Settings and click on "Ednpoints" link.

Or directly go to the following url : http://{host}:{port}/realms/{your_realm}/.well-known/openid-configuration.

drino
  • 46
  • 4
1

Latest for image quay.io/keycloak/keycloak:21.1.1

$docker exec -it container_name bash

Now from the container shell (bash)

bash-5.1$ cd ~/bin/ 
bash-5.1$./kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin

Enter your credentials for the admin user

bash-5.1$./kcadm.sh update realms/master -s sslRequired=NONE --server http://localhost:8080
Sandeepa Kariyawasam
  • 531
  • 1
  • 6
  • 28
Giriraj Rajawat
  • 11
  • 2