Describe the bug
When running the Keycloak benchmark scenario keycloak.scenario.admin.CreateUsers, the CLI parameter --client-id is not correctly applied. The scenario appears to use a hardcoded client_id=gatling when requesting a service account token, even though --client-id=client-0 is provided.
This results in a 401 invalid_client error because Keycloak receives a client id that does not exist (or does not match the provided secret).
Version
26.4.7
Expected behavior
The request should use the client id passed via CLI:
Expected form body:
grant_type=client_credentials&client_id=client-0&client_secret=client-0-secret
And the scenario should proceed to create users instead of failing at token acquisition.
Actual behavior
Benchmark fails with 401 when requesting token. Log shows it uses client_id=gatling instead of the CLI value (client-0):
POST https://login-staging.vecko.dev/realms/benchmark/protocol/openid-connect/token
...
body: grant_type=client_credentials&client_id=gatling&client_secret=client-0-secret
...
401 Unauthorized
{"error":"invalid_client","error_description":"Invalid client or Invalid client credentials"}
How to Reproduce?
Ensure realm benchmark exists on the target Keycloak.
Create a confidential client (service account enabled) with:
Client ID: client-0
Client Secret: client-0-secret
Service Accounts Enabled: ON
Appropriate permissions/roles for user creation (per scenario requirements)
Run the command above.
Observe that the benchmark fails immediately when fetching the service account token.
bash kcb.sh \
--scenario=keycloak.scenario.admin.CreateUsers \
\
--server-url=https://keycloak.example.com \
--realm-name=benchmark \
\
--client-id=client-0 \
--client-secret=client-0-secret \
\
--users-per-sec=1 \
--ramp-up=1 \
--measurement=300 \
\
--log-http-on-failure
Anything else?
No response
Describe the bug
When running the Keycloak benchmark scenario keycloak.scenario.admin.CreateUsers, the CLI parameter --client-id is not correctly applied. The scenario appears to use a hardcoded client_id=gatling when requesting a service account token, even though --client-id=client-0 is provided.
This results in a 401 invalid_client error because Keycloak receives a client id that does not exist (or does not match the provided secret).
Version
26.4.7
Expected behavior
The request should use the client id passed via CLI:
Expected form body:
grant_type=client_credentials&client_id=client-0&client_secret=client-0-secretAnd the scenario should proceed to create users instead of failing at token acquisition.
Actual behavior
Benchmark fails with 401 when requesting token. Log shows it uses client_id=gatling instead of the CLI value (client-0):
How to Reproduce?
Ensure realm benchmark exists on the target Keycloak.
Create a confidential client (service account enabled) with:
Client ID: client-0
Client Secret: client-0-secret
Service Accounts Enabled: ON
Appropriate permissions/roles for user creation (per scenario requirements)
Run the command above.
Observe that the benchmark fails immediately when fetching the service account token.
Anything else?
No response