Hi there,
We have been using an old version 7 of Keycloak for several years already and are updating to version 17.0.1.
We got the server up and running, and created the first admin user with the standard script add-user-keycloak.sh.
After that we are able to access the management console in the browser.
And now we are trying to import our realms like we did in the past; for that we use the admin-cli.
We log in with the following command from the shell:
kcadm.sh config credentials --server http://server:port/auth --realm master --user admin --password password
which is successful: the .keycloak/kcadm.config file is created, and I see the new session in the GUI.
(I repeat, we have only one user, and now I am logged in at the same time with 2 sessions, one in the browser/GUI and the second in the shell/admin-cli.)
And then we need to get a list of available realms to decide what needs to be imported, with this command:
kcadm.sh get realms --fields realm
Leading sadly to an “HTTP error - 403 Forbidden”:
org.keycloak.client.admin.cli.util.HttpResponseException: HTTP error - 403 Forbidden
    at org.keycloak.client.admin.cli.util.HeadersBodyStatus.checkSuccess(HeadersBodyStatus.java:61)
    at org.keycloak.client.admin.cli.util.HttpUtil.checkSuccess(HttpUtil.java:353)
    at org.keycloak.client.admin.cli.commands.AbstractRequestCmd.process(AbstractRequestCmd.java:363)
    at org.keycloak.client.admin.cli.commands.AbstractRequestCmd.execute(AbstractRequestCmd.java:126)
    at org.jboss.aesh.console.command.container.DefaultCommandContainer.executeCommand(DefaultCommandContainer.java:63)
    at org.jboss.aesh.console.command.container.DefaultCommandContainer.executeCommand(DefaultCommandContainer.java:48)
    at org.keycloak.client.admin.cli.aesh.AeshConsoleCallbackImpl.execute(AeshConsoleCallbackImpl.java:54)
    at org.jboss.aesh.console.AeshProcess.run(AeshProcess.java:53)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: Error403 - Forbidden
    ... 11 more
In the logs of the server we see:
{"timestamp":"2022-10-20T14:26:09.777+02:00","sequence":157,"loggerClassName":"org.jboss.logging.Logger","loggerName":"io.undertow.accesslog","level":"INFO","message":"10.x.x.x - - [20/Oct/2022:14:26:09 +0200] \"GET /auth/admin/realms HTTP/1.1\" 200 3922 0.100","threadName":"default task-1","threadId":135,"mdc":{},"ndc":"","hostName":"server","processName":"jboss-modules.jar","processId":12788}
A log entry for a GET on /auth/admin/realms while accessing the management console in the browser, which is successful.
AND
{"timestamp":"2022-10-20T14:25:17.134+02:00","sequence":142,"loggerClassName":"org.jboss.logging.Logger","loggerName":"io.undertow.accesslog","level":"INFO","message":"10.x.x.x - - [20/Oct/2022:14:25:17 +0200] \"GET /auth/admin/realms HTTP/1.1\" 403 74 0.004","threadName":"default I/O-1 ","threadId":79 ,"mdc":{},"ndc":"","hostName":"server","processName":"jboss-modules.jar","processId":12788}
A second log entry for a GET on /auth/admin/realms while executing the last command from the admin-cli, which fails with an error 403 (using always the same user).
Question:
Why are we getting that 403?
Or
is there any way to get more information to try to get a better understanding of the problem by ourselves?
Many thanks
Michael