Reputation: 43
Keycloak Admin API: Unable to create a realm
I want to create a realm in Keycloak using the REST Admin APIs. Below is what I have done until now
In the
masterrealm, create a new clientcustom-admin-api.In the
Service accounts rolesof the client, assign the role ofrealm-admin.Generate the
access_tokenusing theclient-idandclient-secret. The token has the below roles.{"resource_access":{"realm-management":{"roles":["view-identity-providers","view-realm","manage-identity-providers","impersonation","realm-admin","create-client","manage-users","query-realms","view-authorization","query-clients","query-users","manage-events","manage-realm","view-events","view-users","view-clients","manage-authorization","manage-clients","query-groups"]}}}Create the realm. I get an error response.
curl --location 'https://my-keycloak/auth/admin/realms' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer e...mFGA' \
--data '{
"realm": "test",
"displayName": "Test",
"enabled": true
}'
403
{"error":"unknown_error"}
Can anyone guide me on what changes I need to make to create a new Realm?
Note: I'm able to create new users with the same access_token.
Upvotes: 1
Views: 2407
Answers (1)
Reputation: 9390
This way can do create realm by user's token
1. In the master realm, create custom-admin-api client
And 'create-role` with create-realm.
Role name: create-realm
Description: ${role_create-realm}
1. In the master realm, create a new power-user (password: 1234).
And Assign Role with create-realm
After Assign
Create Realm by Postman
Step 1. Tests Tab, setting
var jsonData = JSON.parse(responseBody);
postman.setEnvironmentVariable("power-token", jsonData.access_token);
Step 2. Body Setting
Step 3 Get access-token URL
POST http://localhost:8080/auth/realms/master/protocol/openid-connect/token
Step 5 Create Realm
Setting Token
Body
{"realm":"demo-realm","enabled":true}
Result
Create Realm by Curl
Get access token at Git Bash
POWER_TOKEN=$(curl --silent --location --request POST "http://localhost:8080/auth/realms/master/protocol/openid-connect/token" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=power-user' \
--data-urlencode 'password=1234' \
--data-urlencode 'client_id=admin-cli' | jq -r '.access_token')
Print access token
echo $POWER_TOKEN
Create realm
curl --silent --show-error -L -X POST "http://localhost:8080/auth/admin/realms" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer ""$POWER_TOKEN" \
--data '{"realm":"demo-realm-2","enabled":true}'
Result
Upvotes: 1
Related Questions
- Get user list in my keycloak (18.0) realm with client roles
- Keycloak API get each role for a specific user
- Keycloak Huge JWT Token of master admin
- Keycloak view-users, manage-users and admin roles not found in Services Account Roles
- Keycloak - Manage realm with user from different realm
- 403 during user creation using keycloak-admin-client
- Keycloak Realm-specific authorization following cross-realm authentication