Wrong path generated by Keycloak admin client reactive resulting in 404

See original GitHub issue

Describe the bug

When using quarkus-keycloak-admin-client-reactive, requests being sent to keycloak to manage resources (auth seems ok since no 401) are returning 404. When looking at TRACE logs to understand what’s happening, I see that the path is not formatted correctly (e.g. http://localhost:8180/admin/realms/myrealm/clients/clients to list clients). Same thing with roles for where the resource type appears two times in the path.

When switching to quarkus-keycloak-admin-client (non-reactive version) extension, everything seems fine. I guess there is a difference between to two. There is not much code is those two extensions in this repository but I couldn’t figure out where it breaks. The non-reactive version seems to have some more dependencies. Details below.

Expected behavior

Path should be formatted correctly in order not to return 404

Actual behavior

Created paths that targets resources are not matching the Keycloak REST API specifications (17.0.1)

How to Reproduce?

Quarkus with quarkus-keycloak-admin-client-reactive

    @Inject
    keycloakConfig config;
    
    @ApplicationScoped
    Keycloak keycloak() {
        return KeycloakBuilder.builder()
            .serverUrl(config.serverUrl())
            .realm(config.realm())
            .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
            .clientId(config.clientId())
            .clientSecret(config.clientSecret())
            .build();
    }

List<ClientRepresentation> r = keycloak.realm("myrealm").clients().findAll();

Dependencies versions

# When using reactive version
❯ mvn dependency:tree | grep keyc
[INFO] +- io.quarkus:quarkus-keycloak-admin-client-reactive:jar:2.8.0.Final:compile
[INFO] |  +- org.keycloak:keycloak-core:jar:17.0.1:compile
[INFO] |  |  +- org.keycloak:keycloak-common:jar:17.0.1:compile
[INFO] |  +- org.keycloak:keycloak-admin-client:jar:17.0.1:compile

# When using non-reactive version
❯ mvn dependency:tree | grep keyc
[INFO] +- io.quarkus:quarkus-keycloak-admin-client:jar:2.8.0.Final:compile
[INFO] |  +- org.keycloak:keycloak-adapter-core:jar:17.0.1:compile
[INFO] |  +- org.keycloak:keycloak-core:jar:17.0.1:compile
[INFO] |  |  +- org.keycloak:keycloak-common:jar:17.0.1:compile
[INFO] |  +- org.keycloak:keycloak-admin-client:jar:17.0.1:compile
[INFO] |  +- org.keycloak:keycloak-authz-client:jar:17.0.1:compile

docker

docker run --rm -p 8180:8080 -e KEYCLOAK_ADMIN=admin -e KC_HTTP_ENABLED=true -e \
KEYCLOAK_ADMIN_PASSWORD=admin -e KC_HOSTNAME_STRICT=false --name kc \
quay.io/keycloak/keycloak:17.0.1 start

Output of uname -a or ver

Linux REDACTED 5.15.0-25-generic #25-Ubuntu SMP Wed Mar 30 15:54:22 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Output of java -version

openjdk version “17.0.2” 2022-01-18 OpenJDK Runtime Environment Temurin-17.0.2+8 (build 17.0.2+8) OpenJDK 64-Bit Server VM Temurin-17.0.2+8 (build 17.0.2+8, mixed mode, sharing)

GraalVM version (if different from Java)

No response

Quarkus version or git rev

2.8.0.Final

Build tool (ie. output of mvnw --version or gradlew --version)

Apache Maven 3.6.3

Additional information

No response

Issue Analytics

  • State:closed
  • Created a year ago
  • Comments:5 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
michalszynkiewiczcommented, Apr 25, 2022
1reaction
m-brgscommented, Apr 19, 2022

docker run --rm -p 8180:8080 -e KEYCLOAK_ADMIN=admin -e KC_HTTP_ENABLED=true -e KEYCLOAK_ADMIN_PASSWORD=admin -e KC_HOSTNAME_STRICT=false --name kc quay.io/keycloak/keycloak:17.0.1 start-dev

  1. Connect to keycloak at http://localhost:8180/admin/master/console with admin:admin
  2. Create realm ‘myrealm’
  3. Create confidential client named ‘client’ with Standard flow disabled and direct access grants disabled. Enable service accounts.
  4. Go to service account and add all realm-management and account client roles (for the sake of example)
  5. Retrieve client secret and add it to application.yaml
  6. Download : realm-app.tar.gz
  7. run : tar -xvzf realm-app.tar.gz and cd realm
  8. run : quarkus dev
  9. run : curl http://localhost:8080/test

You should get get : Response: GET http://localhost:8180/admin/realms/myrealm/clients/clients, Status[404 Not Found],

Read more comments on GitHub >

github_iconTop Results From Across the Web

Creating users error: /roles endpoint Keycloak HTTP 404
It returns me a HTTP 404 error. Digging deeper and it looks like that the .roles() method failes. The User is created in...
Read more >
Keycloak 17.0.0 results in "page not found" for admin url
On using the URL http://localhost:8080/auth/admin I get a “page not found” message. Here is the log file when the error occurs…
Read more >
[KEYCLOAK-7372] Admin Rest API Incorrectly Identifies Client
Another problem I found when trying to receive list of roles assigned to a client is the fact, that the documentation misses "realms/"...
Read more >
Home of Quarkus Cheat-Sheet - GitHub Pages
A RESTEasy Reactive-based REST Client extension. You only need to replace the quarkus-rest-client to quarkus-rest-client-reactive . Multipart.
Read more >
Accessing Keycloak Endpoints Using Postman - Baeldung
Client – calls the protected resource on behalf of the resource owner; Authorization Server – issues an OAuth 2.0 token and delivers it...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found