1
votes

I am trying to create realms in Keycloak using Java. I am able to create realms from the master realm, but not by using the credentials of the other realm.

Is it only possible to create a realm from the master realm? Can anyone help me? Thanks in advance.

2 Answers

0
votes

The docs say that the main role of admins in the master realm is to create other realms:

Reserve use of the master realm for super admins to create and manage the realms in your system. Following this security model helps prevent accidental changes and follows the tradition of permitting user accounts access to only those privileges and powers necessary for the successful completion of their current task. (https://www.keycloak.org/docs/latest/server_admin/index.html#the-master-realm)

So yes, in reverse I interpret this as meaning that admins of realms other than master cannot create or delete realms.

Is it a problem for you to use the master realm? You could create a dedicated user there that only has permissions to create/delete realms if you don't want to use the "super admin" for this task.

0
votes

I think Marian is right: you must have a "master" realm and an admin user (keycloak.admin.username= admin, keycloak.admin.password=admin_password). You can change these strings.

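import java.io.IOException;

import org.keycloak.admin.client.Keycloak;
import org.keycloak.representations.idm.RealmRepresentation;

// KeycloakInstance is the poster's own helper (not shown) that returns an admin client.
public boolean createRealm(String realmName) throws IOException {
    Keycloak keycloak = KeycloakInstance.getInstance();
    // Describe the new realm: same value for id and name, enabled immediately.
    RealmRepresentation realmRepresentation = new RealmRepresentation();
    realmRepresentation.setId(realmName);
    realmRepresentation.setRealm(realmName);
    realmRepresentation.setEnabled(true);
    try {
        // Sends the representation to the admin REST API.
        keycloak.realms().create(realmRepresentation);
    } catch (Exception e) {
        // Any failure (e.g. missing permissions, realm already exists) is reported as false.
        e.printStackTrace();
        return false;
    }
    return true;
}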
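
An added example, not code from either answer or from the Keycloak project: it combines the first answer's suggestion of a dedicated master-realm user with the realm-creation call from the second answer, and separates "not permitted" from "already exists" instead of returning a bare false. Assumptions: the class name, the environment variable names and the default realm name are hypothetical; the dedicated user holds only the master realm's `create-realm` role; the built-in `admin-cli` client is used for the password grant; and the admin client version uses the `jakarta.ws.rs` namespace (older versions use `javax.ws.rs`).

```java
import jakarta.ws.rs.WebApplicationException;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.representations.idm.RealmRepresentation;

public class RealmProvisioner {

    /** Outcome of a creation attempt, so callers can tell failure modes apart. */
    public enum Result { CREATED, ALREADY_EXISTS, FORBIDDEN, FAILED }

    public static Result createRealm(Keycloak keycloak, String realmName) {
        RealmRepresentation realm = new RealmRepresentation();
        realm.setRealm(realmName);
        realm.setEnabled(true);
        try {
            keycloak.realms().create(realm);
            return Result.CREATED;
        } catch (WebApplicationException e) {
            int status = e.getResponse().getStatus();
            if (status == 409) return Result.ALREADY_EXISTS;
            // 401/403: the caller is not authorized to create realms, which is
            // what the question describes for a user of a non-master realm.
            if (status == 401 || status == 403) return Result.FORBIDDEN;
            return Result.FAILED;
        }
    }

    public static void main(String[] args) {
        // Assumed environment variables; credentials stay out of source code.
        Keycloak keycloak = KeycloakBuilder.builder()
                .serverUrl(System.getenv("KEYCLOAK_URL"))
                .realm("master") // authenticate against the master realm
                .clientId("admin-cli")
                .grantType(OAuth2Constants.PASSWORD)
                .username(System.getenv("REALM_CREATOR_USER"))
                .password(System.getenv("REALM_CREATOR_PASSWORD"))
                .build();
        try {
            String name = args.length > 0 ? args[0] : "demo-realm";
            System.out.println(name + ": " + createRealm(keycloak, name));
        } finally {
            keycloak.close(); // release the underlying HTTP client
        }
    }
}
```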