Locked out after upgrade to 26.3.1 due to missing sub in lightweight access token #41098

@mmelvin0

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

admin/ui

Describe the bug

I upgraded from 26.2.5 to 26.3.1 and could not load security-admin-console. I was getting a 500 and this stack trace on my /admin/serverinfo endpoint.

I was able to determine that the sub claim was missing from my access token and that was causing the issue. Similar issue #40249.

After downgrading to 26.2.5 I found I do have the sub mapper in the basic scope and it was set to add to regular access tokens but not lightweight access tokens. I also noted that my security-admin-console client has the "always use lightweight access token" turned on. I believe that these are both at default settings added by earlier migrations and I haven't modified them, but cannot be 100% sure. I'm pretty confident though as it affected two different realms the same way, my master realm, which I have barely changed any options on except to lock down, and another realm which I have heavily customized.

I flipped the switch to "Add to lightweight access token" on the sub mapper, and after that, upgrading back to 26.3.1, I was able to log in to security-admin-console.

Version

26.3.1

Regression

  • The issue is a regression

Expected behavior

To be able to log in to the Keycloak administration UI.

Actual behavior

After logging in to the administration UI, I am greeted with a blank white page.

How to Reproduce?

Upgrade from Keycloak 26.2.5 to 26.3.1 with default basic client scope and security-admin-console configurations.

Anything else?

No response
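
A way to check for the condition described in the report above before upgrading, as an added example that is not part of the original issue or Keycloak's own code: it decodes an access token's payload (inspection only, no signature verification) and lists required claims that are absent. The two sample tokens, the issuer URL and the helper names are constructed for illustration.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload of a compact JWS. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def missing_claims(token: str, required=("sub",)) -> list:
    """List the required claims that are absent or empty in the token payload."""
    claims = decode_claims(token)
    return [name for name in required if not claims.get(name)]


def _make_token(claims: dict) -> str:
    # Builds a constructed sample token with a placeholder signature segment.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "c2ln"])


# Constructed samples: a regular token carrying sub, and a lightweight one
# where the sub mapper was not applied (the situation the report describes).
BASE = {"iss": "https://sso.example.test/realms/master",
        "azp": "security-admin-console", "exp": 1767225600}
REGULAR_TOKEN = _make_token({**BASE, "sub": "00000000-0000-0000-0000-000000000001"})
LIGHTWEIGHT_TOKEN = _make_token(BASE)

if __name__ == "__main__":
    for label, tok in (("regular", REGULAR_TOKEN), ("lightweight", LIGHTWEIGHT_TOKEN)):
        gaps = missing_claims(tok)
        print(f"{label}: {'missing ' + ', '.join(gaps) if gaps else 'ok'}")
```

Run it against a token issued to the affected client on the old version; a result that lists `sub` matches the state the reporter found.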
