[keycloak-user] 403 Forbidden error when trying to access realm admin console in 4.7.0

Mandy Fung mandy.fung at tasktop.com
Mon Dec 24 11:14:11 EST 2018


Thanks for the reply! This indeed allowed the user to access the realm
console. However, this also exposed other configurations that we do not
wish the admin users to see such as configuring the Realm Settings, Roles,
User Federation, and Authentication.

Is there another configuration that would allow the user to access the
admin console and only expose the manage groups and users tabs?

Thanks again,
Mandy

On Sat, Dec 22, 2018 at 2:00 PM Geoffrey Cleaves <geoff at opticks.io> wrote:

> When I was messing with granular permissions recently I had to give the
> view-realm role in order to log into the Admin Console.
>
> On Fri, Dec 21, 2018, 19:29 Mandy Fung <mandy.fung at tasktop.com> wrote:
>
>> Hello,
>>
>> We've recently upgraded from 4.5.0 to 4.7.0 and users can no longer access
>> the dedicated realm admin console (/auth/admin/{realm}/console) with the
>> same realm-management roles that they had in 4.5.0.
>>
>> We only want our admin users to manage users and groups and in 4.5.0 we
>> were able to assign the following roles to our admin users such that only
>> the "Manage > Groups" and "Manage > Users" tabs show up in the realm admin
>> console: 'manage-users', 'query-groups', 'query-users', and 'view-users'.
>>
>> However, with the new upgrade to 4.7.0 these admin users with the same
>> realm-management roles assigned can no longer access the realm admin
>> console and they see a 403 Forbidden error page.
>>
>> Has anyone run into this issue recently, or are there some new realm
>> management roles added in 4.7.0 that we need to re-configure?
>>
>> Best regards,
>> Mandy
>>
>> --
>>
>>
>> Mandy Fung | Software Engineer 1 | Tasktop
>>
>> email: mandy.fung at tasktop.com
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
