CI workflow failing with http 403 forbidden request on keycloak 26.x builds #1307

@Thendo20

Summary

The keycloak-config-cli CI workflow is failing for Keycloak server and client versions (26.0.5, 26.0.2) and (26.1.0, 26.0.4).
The builds are successful locally with matching versions, which indicates a CI-workflow-specific issue.

Current Behaviour

  • CI workflow fails with HTTP 403 Forbidden errors during realm operations
  • Also fails for build-pom-version jobs with Java 17 and 21
  • Tests pass locally with the same Keycloak versions
  • Tests pass in CI with Keycloak versions < 26.0.0

Expected Behaviour

In the CI workflow, keycloak-config-cli should successfully use realm operations without authentication errors.

Error Details

target/classes/de/adorsys/keycloak/config/service/RealmImportService.java#L159
de.adorsys.keycloak.config.service.RealmImportService#updateRealmIfNecessary: Cannot update realm 'simple': HTTP 403 Forbidden{"error":"HTTP 403 Forbidden"}

Possible issue

There have been notable changes to JWT client authentication mentioned in Keycloak's release notes for 26.0.

Keycloak versions 26.x now enforce a maximum expiration of 60 seconds for JWT tokens used in client authentication. The CI workflow may have timing delays that cause the token to be rejected.
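One way to test the hypothesis above against a captured client assertion, as an added example that is not part of the original issue or of keycloak-config-cli's code. It assumes the 60-second limit is measured from the server's clock at validation time; the function names, the `sample-client` issuer and the timestamps are constructed for illustration.

```python
import base64
import json

MAX_EXP_SECONDS = 60  # limit quoted in the issue; assumed to be measured from server "now"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(jwt: str) -> dict:
    """Return the payload claims of a compact JWT without verifying the signature."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_assertion(claims: dict, server_now: int, max_exp: int = MAX_EXP_SECONDS) -> list:
    """List reasons a server applying the limit at server_now would reject the assertion."""
    problems = []
    exp = claims.get("exp")
    if not isinstance(exp, int):
        return ["missing or non-integer exp claim"]
    if exp <= server_now:
        problems.append(f"expired {server_now - exp}s before it was checked")
    if exp - server_now > max_exp:
        problems.append(f"exp is {exp - server_now}s ahead, limit is {max_exp}s")
    iat = claims.get("iat")
    if isinstance(iat, int) and iat > server_now:
        problems.append(f"iat is {iat - server_now}s in the future (clock skew)")
    return problems


def make_sample(iat: int, lifetime: int) -> str:
    """Constructed, unsigned sample assertion; the signature part is a placeholder."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"iss": "sample-client", "iat": iat, "exp": iat + lifetime}).encode())
    return f"{header}.{body}.c2lnbmF0dXJl"


ISSUED = 1_700_000_000  # constructed timestamp
# 30s lifetime checked 5s later passes; the same token checked after a 45s delay has
# expired; a 300s lifetime exceeds the 60s limit regardless of delay.
for lifetime, delay in [(30, 5), (30, 45), (300, 5)]:
    claims = decode_claims(make_sample(ISSUED, lifetime))
    print(lifetime, delay, check_assertion(claims, ISSUED + delay))
```

Running `check_assertion` with the CI runner's measured delay between token creation and the realm request shows whether a slow runner or a skewed clock alone would be enough to trigger a rejection.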

Projects

Status
Done
