Is it possible to create a Kerberos user with the Keycloak REST API?
I've tried a few times without success. I also have a hunch that it won't be possible. What do you think about it?
[EDIT] I tried something like this, for example:
POST https://w19keycloak.domain.lan:8443/auth/admin/realms/master/users
Content-Type: application/json
Authorization: Bearer eyJh654654TaGtHE0In0.eyJleHAiOj65WlsLmNvbSJ9.GkLCcfONJqS_KeQAAqAisit-2DViuD3w

{
    "email": "firstname.lastname@domain.lan",
    "enabled": true,
    "username": "firstname.lastname",
    "attributes": {
        "KERBEROS_PRINCIPAL": ["firstname.lastname@DOMAIN.LAN"]
    },
    "federationLink": "4447dca-a351-4537-a311-a0a6cb1555"
}
I tried many combinations of parameters, but I often encounter the same problem: a timeout.
2022-01-26 14:44:19,942 INFO [stdout] (default task-24) Debug is true storeKey true useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
2022-01-26 14:44:19,942 INFO [stdout] (default task-24) [Krb5LoginModule] user entered username: firstname.lastname@DOMAIN.LAN
2022-01-26 14:44:19,942 INFO [stdout] (default task-24)
2022-01-26 14:46:52,353 INFO [stdout] (default task-20) [Krb5LoginModule] authentication failed
2022-01-26 14:46:52,353 INFO [stdout] (default task-20) Receive timed out
2022-01-26 14:46:52,353 WARN [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-20) SQL Error: 0, SQLState: null
2022-01-26 14:46:52,353 ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-20) IJ031013: Interrupted attempting lock: org.jboss.jca.adapters.jdbc.local.LocalManagedConnection@6ad44273
2022-01-26 14:46:52,353 WARN [org.keycloak.utils.ServicesUtils] (default task-20) Execution with object [org.keycloak.federation.kerberos.KerberosFederationProvider@45af6037] exceeded specified time limit 3000.
2022-01-26 14:46:52,353 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-20) Uncaught server error: javax.persistence.PersistenceException: org.hibernate.exception.GenericJDBCException: could not prepare statement
at org.hibernate.internal.ExceptionConverterImpl.convert(ExceptionConverterImpl.java:154)
at org.hibernate.query.internal.AbstractProducedQuery.list(AbstractProducedQuery.java:1575)
at org.hibernate.query.Query.getResultList(Query.java:132)
at org.keycloak.models.jpa.JpaUserProvider.getUserByUsername(JpaUserProvider.java:522)
at org.keycloak.federation.kerberos.KerberosFederationProvider.findOrCreateAuthenticatedUser(KerberosFederationProvider.java:237)
at org.keycloak.federation.kerberos.KerberosFederationProvider.getUserByUsername(KerberosFederationProvider.java:94)
at org.keycloak.storage.UserStorageManager.lambda$getUserByUsername$12(UserStorageManager.java:298)
at org.keycloak.utils.ServicesUtils.lambda$timeBoundOne$1(ServicesUtils.java:83)
... 99 more
Caused by: java.sql.SQLException: IJ031013: Interrupted attempting lock: org.jboss.jca.adapters.jdbc.local.LocalManagedConnection@9ab15be
at org.jboss.jca.adapters.jdbc.BaseWrapperManagedConnection.tryLock(BaseWrapperManagedConnection.java:405)
at org.jboss.jca.adapters.jdbc.WrappedConnection.lock(WrappedConnection.java:168)
at org.jboss.jca.adapters.jdbc.WrappedConnection.prepareStatement(WrappedConnection.java:471)
at org.hibernate.engine.jdbc.internal.StatementPreparerImpl$5.doPrepare(StatementPreparerImpl.java:149)
at org.hibernate.engine.jdbc.internal.StatementPreparerImpl$StatementPreparationTemplate.prepareStatement(StatementPreparerImpl.java:176)
... 115 more