
There are 2 realms in Keycloak: master and custom. Both have admin users.

The custom realm admin adds a new user `new_admin` and assigns the role `admin` to him via the admin console.

The user can access his account details at `auth/realms/custom/account/`.

However, the error `Forbidden You don't have access to the requested resource` pops up when the `new_admin` user tries to enter the realm administration console at `auth/admin/custom/console/`.

The same issue happens even when the master realm admin adds a new admin user to the custom realm.

I'm using Keycloak 4.3.0.

Is it a bug, or can't a realm have two admins?

rok

2 Answers

2

You must explicitly assign the roles of "custom-realm" to the second admin user. In admin console select the master-realm and go to "Role Mappings" of the second admin user. In the drop-box "Client Roles" select "custom-realm" and then assign the desired available roles to the user.


Boomer
  • Thanks, you helped me; however, I needed to add all roles of the client named `realm-management` – rok Oct 17 '19 at 14:10
2

The solution was to assign the role `realm-admin` of the `realm-management` client to the second admin user.


rok
  • I am accessing the master console with admin. But I don't find the `realm-management` client. How can I turn it visible? – Muka Jan 08 '22 at 11:04
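
The role mapping described in the answers above can also be scripted against the Keycloak Admin REST API while logged in to the custom realm itself, where the client is named `realm-management`. This is an added example, not code from the original posts; the server URL in `BASE`, the credentials and the function names `http_call` and `grant_realm_admin` are assumptions.

```python
import json
import urllib.parse
import urllib.request

BASE = "http://localhost:8080/auth"  # assumed server URL (Keycloak 4.x serves under /auth)


def http_call(method, url, token=None, body=None, form=None):
    """Minimal HTTP transport; returns parsed JSON, or None for an empty response."""
    headers, data = {}, None
    if token:
        headers["Authorization"] = "Bearer " + token
    if form is not None:
        data = urllib.parse.urlencode(form).encode()
    elif body is not None:
        data = json.dumps(body).encode()
        headers["Content-Type"] = "application/json"
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def grant_realm_admin(realm, username, admin_user, admin_password, call=http_call):
    """Map client role realm-admin of client realm-management to `username`."""
    # 1. Token for an existing admin of `realm`, via the built-in admin-cli client.
    tok = call("POST", f"{BASE}/realms/{realm}/protocol/openid-connect/token",
               form={"grant_type": "password", "client_id": "admin-cli",
                     "username": admin_user, "password": admin_password})["access_token"]
    admin = f"{BASE}/admin/realms/{realm}"
    # 2. Resolve user and client ids; filter the user search for an exact name match.
    users = call("GET", f"{admin}/users?username={urllib.parse.quote(username)}", token=tok)
    matches = [u for u in users if u["username"] == username]
    if len(matches) != 1:
        raise LookupError(f"expected exactly one user named {username!r}, got {len(matches)}")
    clients = call("GET", f"{admin}/clients?clientId=realm-management", token=tok)
    if not clients:
        raise LookupError("client realm-management is not visible in this realm")
    mapping_url = f"{admin}/users/{matches[0]['id']}/role-mappings/clients/{clients[0]['id']}"
    # 3. Fetch the role representation and post it as a client-level role mapping.
    role = call("GET", f"{admin}/clients/{clients[0]['id']}/roles/realm-admin", token=tok)
    call("POST", mapping_url, token=tok, body=[role])
    # 4. Read the mappings back so the caller can confirm what the user now holds.
    return sorted(r["name"] for r in call("GET", mapping_url, token=tok))
```

`realm-admin` is a composite of the other `realm-management` roles, so for a user who only needs part of the console, map the narrower roles (for example `view-users`) instead.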