i set up a realm and added some users.
i can login to my personal apps, and i can login to account console. however the account console says forbidden:
this only happens for users in the new realm. for users in the master realm, i can login and modify anything in the account console.
users in the realm have the following role mapping (manage-account, manage-account-links, view profile)
the account-console-dedicated scope of the account-console client also has these scopes set.
in the realm settings the “user-managed access” is turned on.
keycloak is running on debian behind an apache reverse proxy.
i have read this: 401 Unauthorized going into v2 Account Console
and this: Forbidden access to account console with Identity provider account user
but still do not get it to work.
any help really appreciated.