In a Quarkus application I'm trying to automate tests using the Keycloak Dev Services integration, with these dependencies:
// Gradle dependency declarations (excerpt from the build script's dependencies block).
// OIDC support for the application itself.
implementation 'io.quarkus:quarkus-oidc'
// OIDC client used to obtain tokens from the identity provider.
implementation 'io.quarkus:quarkus-oidc-client'
// Keycloak Admin Client; its calls are the ones reported below as failing with 400.
implementation("io.quarkus:quarkus-keycloak-admin-client")
and these test-profile properties:
# The %test. prefix limits each property to the Quarkus test profile.
%test.quarkus.oidc.enabled=true
# Start a Keycloak container automatically for the tests (Dev Services).
%test.quarkus.keycloak.devservices.enabled=true
# Realm file imported into that container. The file shown below carries user
# passwords, a client secret and wildcard redirect URIs / web origins, so it
# should stay confined to the test profile.
%test.quarkus.keycloak.devservices.realm-path=quarkus-realm.json
where quarkus-realm.json is this:
{
"realm": "quarkus",
"enabled": true,
"groups": [
{
"name": "AziendaXXX"
},
{
"name": "AziendaYYY"
}
],
"users": [
{
"username": "alice",
"enabled": true,
"emailVerified": true,
"firstName": "Alice",
"lastName": "Wonderland",
"credentials": [
{
"type": "password",
"value": "alice"
}
],
"clientRoles": {
"realm-management": [
"view-clients",
"manage-users",
"view-users"
],
"front-end": [
"ADMIN"
]
},
"groups": [
"/AziendaXXX",
"/AziendaYYY"
],
"attributes": {
"phoneNumber": "1234567890",
"profilePic": "alice-pic-base64",
"authType": "keycloak"
}
},
{
"username": "bob",
"enabled": true,
"emailVerified": true,
"firstName": "Bob",
"lastName": "Builder",
"credentials": [
{
"type": "password",
"value": "bob"
}
],
"clientRoles": {
"realm-management": [
"view-clients",
"manage-users",
"view-users"
],
"front-end": [
"ADMIN"
]
},
"groups": [
"/AziendaXXX"
],
"attributes": {
"phoneNumber": "0987654321",
"profilePic": "bob-pic-base64",
"authType": "keycloak"
}
}
],
"clients": [
{
"clientId": "back-end",
"enabled": true,
"secret": "xxx",
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"*"
],
"webOrigins": [
"*"
],
"publicClient": false,
"protocol": "openid-connect",
"serviceAccountsEnabled": true,
"directAccessGrantsEnabled": true
},
{
"clientId": "front-end",
"enabled": true,
"publicClient": true,
"protocol": "openid-connect",
"redirectUris": [
"*"
],
"webOrigins": [
"*"
],
"directAccessGrantsEnabled": true,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"serviceAccountsEnabled": false,
"protocolMappers": [
{
"name": "roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-client-role-mapper",
"consentRequired": false,
"config": {
"multivalued": "true",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "roles",
"jsonType.label": "String",
"client.id": "front-end"
}
},
{
"name": "groups-to-aziende",
"protocol": "openid-connect",
"protocolMapper": "oidc-group-membership-mapper",
"consentRequired": false,
"config": {
"claim.name": "aziende",
"full.path": "false",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true"
}
}
]
}
],
"roles": {
"client": {
"front-end": [
{
"name": "ADMIN",
"description": "",
"composite": false,
"clientRole": true
}
]
}
}
}
With this realm file everything works.
But if I try to add managed attributes (a declarative user profile) through a components section, like this:
{
"realm": "quarkus",
"enabled": true,
"components": {
".keycloak.userprofile.UserProfileProvider": [
{
"providerId": "declarative-user-profile",
"subComponents": {},
"config": {
"kc.user.profile.config": [
"{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"phoneNumber\",\"displayName\":\"\",\"validations\":{},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"profilePic\",\"displayName\":\"\",\"validations\":{},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"authType\",\"displayName\":\"\",\"validations\":{},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}"
]
}
}
]
},
"groups": [
{
"name": "AziendaXXX"
},
{
"name": "AziendaYYY"
}
],
...
the Keycloak dev service starts, but every call made through the Keycloak Admin Client returns a 400 Bad Request.
Why?
How can I define predefined attributes for all users in quarkus-realm.json?