After installing DevTest, the DataSourceUpdater.exe was used to configure Identity Access Manager with SQL Server.

There were no issues while running the DataSourceUpdater, however when trying to start IAM we are getting the following exception:

ERROR [org.keycloak.connections.jpa.updater.liquibase.conn.DefaultLiquibaseConnectionProvider] (ServerService Thread Pool -- 53) Change Set META-INF/jpa-changelog-1.0.0.Final.xml::1.0.0.Final::[email protected] failed. Error: The REFERENCES permission was denied on the object 'CLIENT_SESSION', database 'DevTest', schema 'dbo'. [Failed SQL: ALTER TABLE [dbo].[CLIENT_SESSION_ROLE] ADD CONSTRAINT [FK_11B7SGQW18I532811V7O2DV76] FOREIGN KEY ([CLIENT_SESSION]) REFERENCES [dbo].[CLIENT_SESSION] ([ID])]: liquibase.exception.DatabaseException: The REFERENCES permission was denied on the object 'CLIENT_SESSION', database 'DevTest', schema 'dbo'. [Failed SQL: ALTER TABLE [dbo].[CLIENT_SESSION_ROLE] ADD CONSTRAINT [FK_11B7SGQW18I532811V7O2DV76] FOREIGN KEY ([CLIENT_SESSION]) REFERENCES [dbo].[CLIENT_SESSION] ([ID])]

The database user has CREATE and ALTER privileges.

All supported DevTest releases.

User starting IAM service did not have the right DBA privileges..

Using a database client application we could verify some tables were being created, but IAM was still failing to start.

We had to set the IAM DB user to have DBA privileges while starting IAM.

After this modification, the IAM service was able to create all the necessary tables and we could also start additional DevTest components.

As stated in our documentation, please ensure that the DevTest user has DBA privileges.

After the schema is created, the DBA privileges from the user can be removed.

 

Refer to section "Database Requirements" in the documentation of the DevTest release you are running.