Keycloak 18 - Realm import fails with "Base URL is not a valid URL; A redirect URI is not a valid URI"

Describe the bug

I created a new realm through the admin UI with the name “Test Realm” and kept everything at default values. I then exported that realm with ./bin/kc.sh export --dir ./export, and copied the “Test Realm-realm.json” into ./data/import/realm.json. I then deleted “Test Realm” through the admin UI.

If I run ./bin/kc.sh start --import-realm, the import fails with:

Appending additional Java properties to JAVA_OPTS: -Djgroups.dns.query=localhost
2022-05-10 08:45:55,784 INFO  [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: FrontEnd: <request>, Strict HTTPS: false, Path: <request>, Strict BackChannel: false, Admin: <request>, Port: -1, Proxied: false
2022-05-10 08:45:57,384 WARN  [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled
2022-05-10 08:45:57,401 WARN  [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal
2022-05-10 08:45:57,471 INFO  [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2022-05-10 08:45:57,820 INFO  [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000128: Infinispan version: Infinispan 'Triskaidekaphobia' 13.0.8.Final
2022-05-10 08:45:57,998 INFO  [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000078: Starting JGroups channel `ISPN`
2022-05-10 08:46:00,218 INFO  [org.jgroups.protocols.pbcast.GMS] (keycloak-cache-init) a-2chnjtenrvouy-4750: no members discovered after 2002 ms: creating cluster as coordinator
2022-05-10 08:46:00,228 INFO  [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000094: Received new cluster view for channel ISPN: [a-2chnjtenrvouy-4750|0] (1) [a-2chnjtenrvouy-4750]
2022-05-10 08:46:00,233 INFO  [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000079: Channel `ISPN` local address is `a-2chnjtenrvouy-4750`, physical addresses are `[10.247.56.85:7800]`
2022-05-10 08:46:00,803 INFO  [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: a-2chnjtenrvouy-4750, Site name: null
2022-05-10 08:46:04,194 INFO  [org.infinispan.CLUSTER] (main) ISPN000080: Disconnecting JGroups channel `ISPN`
2022-05-10 08:46:04,313 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (production) mode
2022-05-10 08:46:04,314 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to import realm: Test Realm
2022-05-10 08:46:04,314 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Invalid client account: Base URL is not a valid URL; A redirect URI is not a valid URI
2022-05-10 08:46:04,315 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.

Keycloak was built with:

ENV KC_DB=mysql
ENV KC_HTTP_RELATIVE_PATH=/auth
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true

It is started with the following environment variables:

JAVA_OPTS_APPEND="-Djgroups.dns.query=localhost"
KC_HOSTNAME_STRICT=false
KC_HOSTNAME_STRICT_HTTPS=false
KC_HTTP_PORT=8080
KC_HTTP_ENABLED=true
KC_DB_URL_DATABASE=keycloak_test
KC_DB_URL_HOST=xxx
KC_DB_USERNAME=xxx
KC_DB_USERNAME=xxx

Version

18.0

Expected behavior

It should be possible to import a realm that was exported with Keycloak.

Actual behavior

Import fails

How to Reproduce?

  1. Create new “Test Realm” with default settings
  2. Export the realm with ./bin/kc.sh export --dir ./export
  3. Copy exported “Test Realm-realm.json” to ./data/import/realm.json
  4. Delete “Test Realm” through the admin UI
  5. Start keycloak with “./bin/kc.sh start --import-realm”

Anything else?

No response

Issue Analytics

  • State: open
  • Created a year ago
  • Comments: 11 (6 by maintainers)

Top GitHub Comments

2 reactions
pedroigor commented, May 16, 2022

It is related to https://issues.redhat.com/browse/KEYCLOAK-7844. Also, see https://github.com/keycloak/keycloak/pull/5375#issuecomment-405343026.

In a nutshell, we should add validation for realm names, and now that we have a proper validation framework we can do that in a consistent manner. For now, people should avoid using spaces in realm names but use the display name to set a user-friendly name.

0 reactions
djotanov commented, May 13, 2022

For now, the workaround is to fix baseUrl and redirectUri manually, replacing the space with %20 in the realm. With that in place, import works fine, and I haven’t noticed any other issues. Applications using this realm work fine. The next thing that blocks me is the inability to perform export/import from a docker container: https://github.com/keycloak/keycloak/issues/11902

It is easy to reproduce, and probably simple to fix, or work around (maybe by setting some missing environment variable?), but I just can’t seem to find a workaround.
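
The manual workaround from the comment above, scripted as an added example (not code from the issue thread or from Keycloak): it percent-encodes baseUrl and redirectUris for every client in an exported realm file and reports what changed. The `clients`, `clientId` and `redirectUris` field names are assumed from Keycloak's realm export JSON; the sample export and the `my-app` client are constructed.

```python
import json
from urllib.parse import quote

# Left untouched: URI delimiters, existing %XX escapes, the '*' wildcard used in
# redirect URIs, and '${}' used by placeholders such as ${authBaseUrl}.
SAFE = "/:?#[]@!$&'()*+,;=%{}~"

def encode_uri(value):
    """Percent-encode characters that are invalid in a URI (space -> %20)."""
    return quote(value, safe=SAFE)

def fix_realm(realm):
    """Fix baseUrl/redirectUris in place; return (clientId, field, old, new) tuples."""
    changes = []
    for client in realm.get("clients", []):
        cid = client.get("clientId", "?")
        base = client.get("baseUrl")
        if isinstance(base, str) and encode_uri(base) != base:
            changes.append((cid, "baseUrl", base, encode_uri(base)))
            client["baseUrl"] = encode_uri(base)
        uris = client.get("redirectUris") or []
        for i, uri in enumerate(uris):
            fixed = encode_uri(uri)
            if fixed != uri:
                changes.append((cid, "redirectUris", uri, fixed))
                uris[i] = fixed
    return changes

# Constructed sample shaped like an exported realm file (not taken from the issue).
SAMPLE_EXPORT = json.loads("""
{
  "realm": "Test Realm",
  "clients": [
    {"clientId": "account", "rootUrl": "${authBaseUrl}",
     "baseUrl": "/realms/Test Realm/account/",
     "redirectUris": ["/realms/Test Realm/account/*"]},
    {"clientId": "my-app", "baseUrl": "https://app.example.com/",
     "redirectUris": ["https://app.example.com/*"]}
  ]
}
""")

if __name__ == "__main__":
    for cid, field, old, new in fix_realm(SAMPLE_EXPORT):
        print(f"{cid}.{field}: {old!r} -> {new!r}")
    print(json.dumps(SAMPLE_EXPORT, indent=2))
```

Running it a second time on already-fixed data reports no changes, so the listed changes can be reviewed before the file is written back to ./data/import/realm.json.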
