Hi,
I am using a dockerized keycloak instance for my application and managed to break the access to the account management page. I did a json backup and reverted to that, the access remains broken.
All I get is a friendly 403 (“We’re sorry, no access”) when trying to access the management page. When I assign the manage-account role to a user manually I get access again. The funny thing: I am pretty sure it was working without any special user-specific role before. I could update the database to assign the role to all users that already exist but I would rather set it back to the way it was.
Is there any setting in the realm or client that has to be present for the account management to be accessible?
I have two clients, one for my application, one for the account. Both are set to confidential (setting either to public did not work).
Any help is highly appreciated, happy to provide additional information if necessary!
Thanks for the reply! Upon realm creation the roles “manage-account” and “view-profile” are set by as default roles. In the vanilla keycloak from @Robinyo’s reply, the users are all assinged these roles correctly
When I check the role mappings of my users, they do NOT have those roles, only newly created users have access, since I added the “manage-account” back to the default roles.
At least I know now that the role “manage-account” is the only thing that has any influence on the users ability to manage his account (duh) - and if it was working before, my users must have had this role.
Since it was working before, I must’ve accidentally removed these roles from all users, which seems to be a hard thing to do accidentally - maybe with the import I removed and added the roles and my users lost their reference to it? Doesn’t sound right…
Fixed it by (re-?)assigning the roles in the database directly.