Import/Export client or realm settings causes java.lang.RuntimeException: Script upload is disabled

Solution Unverified - Updated -

Issue

  • The deprecation of upload_scripts feature prevents Import/Export Authorization Settings from any openid-connect client with the following exception:
ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-7) Uncaught server error: java.lang.RuntimeException: Script upload is disabled
    at org.keycloak.authorization.policy.provider.js.JSPolicyProviderFactory.updatePolicy(JSPolicyProviderFactory.java:125)
    at org.keycloak.authorization.policy.provider.js.JSPolicyProviderFactory.onImport(JSPolicyProviderFactory.java:70)
    at org.keycloak.models.utils.RepresentationToModel.toModel(RepresentationToModel.java:2185)
    at org.keycloak.models.utils.RepresentationToModel.importPolicies(RepresentationToModel.java:2113)
    at org.keycloak.models.utils.RepresentationToModel.toModel(RepresentationToModel.java:2059)
    at org.keycloak.authorization.admin.ResourceServerService.importSettings(ResourceServerService.java:136)

  • We need to be able to export client configuration data from one RH-SSO instance and import it to another instance.

  • Exporting and then importing realm in RH-SSO fails with following error

ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-3) Uncaught server error: java.lang.RuntimeException: Script upload is disabled
        at org.keycloak.keycloak-authz-policy-common@18.0.0.redhat-00001//org.keycloak.authorization.policy.provider.js.JSPolicyProviderFactory.throwCanNotUpdatePolicy(JSPolicyProviderFactory.java:130)
        at org.keycloak.keycloak-authz-policy-common@18.0.0.redhat-00001//org.keycloak.authorization.policy.provider.js.JSPolicyProviderFactory.onImport(JSPolicyProviderFactory.java:72)
        at org.keycloak.keycloak-server-spi-private@18.0.0.redhat-00001//org.keycloak.models.utils.RepresentationToModel.toModel(RepresentationToModel.java:2483)
        at org.keycloak.keycloak-server-spi-private@18.0.0.redhat-00001//org.keycloak.authorization.AuthorizationProvider$3.create(AuthorizationProvider.java:351)
        at org.keycloak.keycloak-server-spi-private@18.0.0.redhat-00001//org.keycloak.models.utils.RepresentationToModel.importPolicies(RepresentationToModel.java:2405)
        at org.keycloak.keycloak-server-spi-private@18.0.0.redhat-00001//org.keycloak.models.utils.RepresentationToModel.toModel(RepresentationToModel.java:2353)
        at org.keycloak.keycloak-server-spi-private@18.0.0.redhat-00001//org.keycloak.models.utils.RepresentationToModel.importAuthorizationSettings(RepresentationToModel.java:2300)
        at org.keycloak.keycloak-server-spi-private@18.0.0.redhat-00001//org.keycloak.models.utils.RepresentationToModel.lambda$importRealmAuthorizationSettings$9(RepresentationToModel.java:2278)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1540)
        at org.keycloak.keycloak-server-spi-private@18.0.0.redhat-00001//org.keycloak.models.utils.RepresentationToModel.importRealmAuthorizationSettings(RepresentationToModel.java:2276)

Environment

  • Red Hat Single Sign-On (RH-SSO)
    • 7.3
    • 7.4
    • 7.5
    • 7.6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content