403 Error while getting KeycloakAdmin using python-keycloak

ka = KeycloakAdmin(server_url={$ENDPOINT},
                   username='myuser',
                   password='mypwd',
                   realm_name='master',
                   client_id='admin-cli',
                   verify=False)

I get the following error:

keycloak.exceptions.KeycloakPostError: 403: b'403 Forbidden\nRequest forbidden by administrative rules.\n\n'

I could now get past this error, but then I get another. First, here is how I got past the error:

ka = KeycloakAdmin(server_url={$ENDPOINT},
                   username='myuser',
                   password='mypwd',
                   user_realm_name='myrealm',
                   client_id='myclient1',
                   client_secret_key={$CLIENT_SECRET},
                   verify=False)

But now when I try to do:

realm_roles = ka.get_realm_roles()

I get:

error_message=message, response_code=response.status_code, response_body=response.content
keycloak.exceptions.KeycloakGetError: 403: b'{"error":"unknown_error"}'

Not a very good error message.

403 is authorization related. I believe the user has to have view-realm in order to see realm roles.

Also, you’re using both username/password and client id/secret. You’ll want to pick one, either password grant type or client_credentials grant type. I’d suggest starting with the admin-cli client id, and using your admin username/password.

OK thanks. I tried it and am now getting:

keycloak.exceptions.KeycloakAuthenticationError: 401: b'{"error":"invalid_grant","error_description":"Invalid user credentials"}'

But I am using the same credentials I log in with. Also, how would I go about adding view-realm to the user? I did not see that option in the admin console.

Setup should look like this:

keycloak_admin = KeycloakAdmin(server_url="https://my-keycloak-host/auth/",
                               username='admin',
                               password='password',
                               realm_name=realm,
                               client_id='admin-cli',
                               verify=True)

Granting realm-management roles can be done in the “Role Mappings” tab of the user (selecting “Filter by clients” in the modal).

I got it working. I was using an admin user and password from the master realm but I was logging into a different realm. Thanks for your help.

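The two 403 causes discussed in this thread (a token issued by the wrong realm, and a user without view-realm) can be told apart by looking at the access token's claims. The following is an added example, not code from the thread or from python-keycloak: it decodes the token without verifying its signature, so it is for troubleshooting only, and it assumes Keycloak's default claim layout (`iss`, `azp`, `resource_access`). The function names and sample tokens are constructed for illustration.

```python
import base64
import json

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (troubleshooting only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def admin_token_report(token: str, target_realm: str, role: str = "view-realm") -> dict:
    """Report which realm issued the token and whether it carries `role` for target_realm."""
    claims = jwt_claims(token)
    issuer_realm = claims.get("iss", "").rstrip("/").rsplit("/realms/", 1)[-1]
    # Assumption: Keycloak's default token layout. Master-realm users hold admin roles
    # on the "<realm>-realm" client; users of the realm itself hold them on
    # "realm-management". A token from any other realm cannot administer target_realm.
    if issuer_realm == "master":
        role_client = f"{target_realm}-realm"
    elif issuer_realm == target_realm:
        role_client = "realm-management"
    else:
        role_client = None
    roles = claims.get("resource_access", {}).get(role_client, {}).get("roles", [])
    return {"issuer_realm": issuer_realm, "client": claims.get("azp"),
            "role_client": role_client, "has_role": role in roles}

def sample_token(claims: dict) -> str:
    """Build an unsigned token from constructed claims, for the demo only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

BASE = "https://my-keycloak-host/auth/realms/"  # host taken from the answer above
# Constructed tokens: a realm user without admin roles, and a master-realm admin.
NO_ROLES = sample_token({"iss": BASE + "myrealm", "azp": "myclient1"})
MASTER_ADMIN = sample_token({"iss": BASE + "master", "azp": "admin-cli",
    "resource_access": {"myrealm-realm": {"roles": ["view-realm", "view-users"]}}})

if __name__ == "__main__":
    for name, tok in (("NO_ROLES", NO_ROLES), ("MASTER_ADMIN", MASTER_ADMIN)):
        print(name, admin_token_report(tok, "myrealm"))
```

A report with `has_role` false and `role_client` set points at a missing role mapping; `role_client` of `None` means the token was issued by a realm that cannot administer the target realm at all.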