
I have a multitenant app where realms will be created automatically by the backend service.

For this, I have a client with service account enabled and full scope allowed in the master realm. When using it through the Keycloak admin Java client I can create a new realm, but I can't create a new user inside of it.

    KeycloakBuilder
        .builder()
        .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
        .serverUrl(masterCredentials.getAuthServerUrl())
        .realm(MASTER_REALM)
        .clientId(masterCredentials.getClientId())
        .clientSecret(masterCredentials.getClientSecret())
        .resteasyClient(buildResteasyClient())
        .build();

When logging in with the admin user, the user was created successfully:

    Keycloak.getInstance(masterCredentials.getAuthServerUrl(),
        "master",
        "admin",
        "admin",
        "admin-cli");

1 Answer


You need to set the needed roles for your service account. You can find more information about service account roles in the Keycloak wiki.
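
One way to apply the role assignment described in this answer with the same admin Java client, granting only a single per-realm role instead of full admin rights. This is an added example, not code from the question or the answer. The class and method names are hypothetical, and it assumes `admin` is a `Keycloak` instance already authenticated as a principal allowed to manage role mappings in the master realm.

```java
import java.util.List;

import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

// Hypothetical helper class, added for illustration.
public final class ServiceAccountRoleGrant {

    /**
     * Grants one admin role for a single tenant realm (for example "manage-users")
     * to the service account of a client that lives in the master realm.
     */
    public static void grantTenantRole(Keycloak admin, String serviceClientId,
                                       String tenantRealm, String roleName) {
        RealmResource master = admin.realm("master");

        // Resolve the client's internal id, then the user that backs its service account.
        ClientRepresentation serviceClient = single(master, serviceClientId);
        UserRepresentation serviceAccount =
                master.clients().get(serviceClient.getId()).getServiceAccountUser();

        // The master realm holds one "<realm>-realm" client per realm; its client
        // roles are the admin permissions for that realm.
        ClientRepresentation tenantAdminClient = single(master, tenantRealm + "-realm");
        RoleRepresentation role = master.clients().get(tenantAdminClient.getId())
                .roles().get(roleName).toRepresentation();

        // Map only this role to the service account (least privilege).
        master.users().get(serviceAccount.getId())
                .roles().clientLevel(tenantAdminClient.getId())
                .add(List.of(role));
    }

    // Fails closed when the client id is missing or ambiguous.
    private static ClientRepresentation single(RealmResource realm, String clientId) {
        List<ClientRepresentation> found = realm.clients().findByClientId(clientId);
        if (found.size() != 1) {
            throw new IllegalStateException("Expected exactly one client '" + clientId
                    + "' but found " + found.size());
        }
        return found.get(0);
    }
}
```

Role mappings only appear in access tokens issued after the grant, so the service account has to obtain a new token before retrying the user creation.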