To resolve the 403 error, see my reply here:
How do I create policies via API - Miscellanaeous - Keycloak