Hello
I’m using a client “admin-cli” in order to create users in my application.
Recently, I’ve deployed to the production environnement.
I’ve recreated my keycloak configuration from scratch. The admin-cli can’t add user in this environnement.
In order to understand this issue, I’ve create in my developpemnt environnment a new client myClientAdmin and assign the same rigth as the admin-cli.
And I reproduce the same issue as in my production environnement.
Then I try with kcadm
kcadm.sh config credentials --server http://localhost:8080/auth --realm mira --client admin-cli --secret secret1
kcadm.sh get-roles -r mira --uusername service-account-admin-cli --cclientid realm-management
—> “name” : “realm-admin”
kcadm.sh get users -r mira -q role=XXX --fields “username” → works fine
kcadm.sh config credentials --server http://localhost:8080/auth --realm mira --client myClientAdmin --secret secret2
kcadm.sh get-roles -r mira --uusername service-account-myClientAdmin --cclientid realm-management
—> “name” : “realm-admin”
kcadm.sh get users -r mira -q role=XXX --fields “username” → doesn’t works
—> Logs of keycloak
13:07:46,001 DEBUG [org.keycloak.services.error.KeycloakErrorHandler] (default task-45) Error response 403: org.keycloak.services.ForbiddenException
at org.keycloak.keycloak-services@16.0.0//org.keycloak.services.resources.admin.permissions.UserPermissions.requireQuery(UserPermissions.java:283)
at org.keycloak.keycloak-services@16.0.0//org.keycloak.services.resources.admin.UsersResource.getUsers(UsersResource.java:275)
at jdk.internal.reflect.GeneratedMethodAccessor551.invoke(Unknown Source)
I don’t undestand this issue the two clients seems to have the same client roles : real-admin
Can anyone help me ?
Keycloak 16.0.0
best regards