Initializing with kc-config-cli not working

[francis-pouatcha]

linux:~/dev/keycloak-ssi-deployment$ export JAVA_HOME="/usr/lib/jvm/java-21-openjdk-amd64" && ./config/import_kc_config.sh
Config cli jar file exists...
Running the JAR file...
2025-03-09T16:58:12.713+01:00 INFO 1061309 --- [ main] d.a.k.config.KeycloakConfigApplication : Starting KeycloakConfigApplication v6.2.1 using Java 21.0.6 with PID 1061309 (/home/francis/dev/keycloak-ssi-deployment/target/keycloak-config-cli/target/keycloak-config-cli.jar started by francis in /home/francis/dev/keycloak-ssi-deployment)
2025-03-09T16:58:12.722+01:00 INFO 1061309 --- [ main] d.a.k.config.KeycloakConfigApplication : No active profile set, falling back to 1 default profile: "default"
2025-03-09T16:58:13.964+01:00 INFO 1061309 --- [ main] d.a.k.config.KeycloakConfigApplication : Started KeycloakConfigApplication in 2.205 seconds (process running for 3.273)
2025-03-09T16:58:15.605+01:00 INFO 1061309 --- [ main] d.a.k.config.KeycloakConfigRunner : Importing file 'file:/home/francis/dev/keycloak-ssi-deployment/config/realm.json'
2025-03-09T16:58:17.259+01:00 ERROR 1061309 --- [ main] d.a.k.config.KeycloakConfigRunner : HTTP 401 Unauthorized
2025-03-09T16:58:17.260+01:00 INFO 1061309 --- [ main] d.a.k.config.KeycloakConfigRunner : keycloak-config-cli ran in 00:02.290.

[Awambeng]

@francis-pouatcha From the output, it looks like the Keycloak Config CLI failed to authenticate with Keycloak, resulting in the 401 error. I checked out the branch and noticed that the import was being attempted on the wrong Keycloak instance.

To resolve this, you need to update the KEYCLOAK_URL environment variable from https://keycloak.eudi-adorsys.com to your local instance at https://localhost:8443. This should allow authentication to succeed using the credentials defined in the .env file.

Since this isn't an issue with the tool itself but rather a misconfiguration, I suggest we close this ticket. Let me know if you need any further assistance!

[francis-pouatcha]

KEYCLOAK_URL shall be set to KEYCLOAK_EXTERNAL_ADDR or the KEYCLOAK_ADMIN_ADDR?

[francis-pouatcha]

Here is the new log:

Config cli jar file exists...
Running the JAR file...
2025-03-10T10:55:41.370+01:00  INFO 1424997 --- [           main] d.a.k.config.KeycloakConfigApplication   : Starting KeycloakConfigApplication v6.2.1 using Java 21.0.6 with PID 1424997 (/home/francis/dev/keycloak-ssi-deployment/target/keycloak-config-cli/target/keycloak-config-cli.jar started by francis in /home/francis/dev/keycloak-ssi-deployment)
2025-03-10T10:55:41.379+01:00  INFO 1424997 --- [           main] d.a.k.config.KeycloakConfigApplication   : No active profile set, falling back to 1 default profile: "default"
2025-03-10T10:55:42.696+01:00  INFO 1424997 --- [           main] d.a.k.config.KeycloakConfigApplication   : Started KeycloakConfigApplication in 2.257 seconds (process running for 3.204)
2025-03-10T10:55:44.218+01:00  INFO 1424997 --- [           main] d.a.k.config.KeycloakConfigRunner        : Importing file 'file:/home/francis/dev/keycloak-ssi-deployment/config/realm.json'
2025-03-10T10:55:46.980+01:00  WARN 1424997 --- [           main] d.a.k.config.provider.KeycloakProvider   : Local keycloak-config-cli (6.2.1-26.0.5) and remote Keycloak (999.0.0-SNAPSHOT) may not compatible.
2025-03-10T10:55:47.292+01:00 ERROR 1424997 --- [           main] d.a.k.config.KeycloakConfigRunner        : jakarta.ws.rs.ProcessingException: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "verifiableCredentialsEnabled" (class org.keycloak.representations.idm.RealmRepresentation), not marked as ignorable (144 known properties: "userFederationMappers", "rememberMe", "duplicateEmailsAllowed", "adminEventsDetailsEnabled", "users", "clientOfflineSessionMaxLifespan", "webAuthnPolicyRequireResidentKey", "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister", "components", "otpPolicyType", "accessCodeLifespanUserAction", "id", "webAuthnPolicyAttestationConveyancePreference", "enabledEventTypes", "applications", "webAuthnPolicyPasswordlessSignatureAlgorithms", "eventsListeners", "ssoSessionMaxLifespanRememberMe", "defaultDefaultClientScopes", "webAuthnPolicyPasswordlessCreateTimeout", "clientOfflineSessionIdleTimeout", "notBefore", "publicKey", "smtpServer", "clientPolicies", "resetPasswordAllowed", "webAuthnPolicyAvoidSameAuthenticatorRegister", "accessTokenLifespanForImplicitFlow", "webAuthnPolicyPasswordlessUserVerificationRequirement", "clientScopes", "internationalizationEnabled", "defaultRole", "accessTokenLifespan", "passwordCredentialGrantAllowed", "federatedUsers", "applicationScopeMappings" [truncated]])
 at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` disabled); line: 1, column: 10637] (through reference chain: org.keycloak.representations.idm.RealmRepresentation["verifiableCredentialsEnabled"])
2025-03-10T10:55:47.293+01:00  INFO 1424997 --- [           main] d.a.k.config.KeycloakConfigRunner        : keycloak-config-cli ran in 00:03.652.

Some sort of incompatibility. Shall i restart the database?

[Awambeng]

There is an incompatibility issue between the Keycloak Config CLI version and the Keycloak version, causing the import to fail due to unrecognized properties.

KEYCLOAK_URL can be set to KEYCLOAK_ADMIN_ADDR

[francis-pouatcha]

Which version should I use when testing on your branch? The TAG property for the KC config is currently configured as v6.2.1?

[Awambeng]

You can use the main branch. i added some changes to ease your work
f90521b