Prior to Keycloak V18, there was a possibility to include a Javascript piece of code to execute scripts during runtime in order to allow administrators to customize specific functionalities.

This feature has been deprecated than removed in v18 (https://www.keycloak.org/2022/04/keycloak-1800-released).

If you try to import a realm that contains such authorization setting, you won't be able to import to a recent version of Keycloak.
The import will result in a Error creating XXXXX: java.lang.RuntimeException: Script upload is disabled error message that you'll find in the logs.

Most often, if you did not rely on this feature (this is an old artefact or older Keycloak versions) you'll simply need to clean up the json file to import.
If you are actually using this feature, please check the official documentation to migrate: https://www.keycloak.org/docs/latest/server_development/#_script_providers

Locate the client policies with the attribute "type": "js" and drop the policy from the file

{
  "authorizationSettings": {
    "allowRemoteResourceManagement": ...,
    "policyEnforcementMode": ...,
    "resources": [...],
    "policies": [
      {
        "id": "00000000-0000-0000-0000-00000000000",
        "name": "Default Policy",
        "description": "A policy that grants access only for users within this realm",
        "type": "js",
        "logic": "POSITIVE",
        "decisionStrategy": "AFFIRMATIVE",
        "config": {
          "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
        }
      },
      {
        ...
      }
    ],
    "scopes": [],
    "decisionStrategy": ...
  }
}


Re-import the corrected file and this should be able to complete this time 👌
Was this article helpful?
Cancel
Thank you!