[keycloak-user] 403 Forbidden error when trying to access realm admin console in 4.7.0

Geoffrey Cleaves geoff at opticks.io
Tue Dec 25 09:39:24 EST 2018


I think you should open a bug report. I agree with you that it does not
make sense to expose those other config settings (even if limited to
read-only). Post the ticket here and I'll vote for it.

On Mon, 24 Dec 2018 at 17:14, Mandy Fung <mandy.fung at tasktop.com> wrote:

> Thanks for the reply! This indeed allowed the user to access the realm
> console. However, this also exposed other configurations that we do not
> wish the admin users to see such as configuring the Realm Settings, Roles,
> User Federation, and Authentication.
>
> Is there another configuration that would allow the user to access the
> admin console and only expose the manage groups and users tab?
>
> Thanks again,
> Mandy
>
> On Sat, Dec 22, 2018 at 2:00 PM Geoffrey Cleaves <geoff at opticks.io> wrote:
>
>> When I was messing with granular permissions recently I had to give the
>> view-realm role in order to log into the Admin Console.
>>
>> On Fri, Dec 21, 2018, 19:29 Mandy Fung <mandy.fung at tasktop.com> wrote:
>>
>>> Hello,
>>>
>>> We've recently upgraded from 4.5.0 to 4.7.0 and users can no longer
>>> access the dedicated realm admin console (/auth/admin/{realm}/console)
>>> with the same realm-management roles that they had in 4.5.0.
>>>
>>> We only want our admin users to manage users and groups and in 4.5.0 we
>>> were able to assign the following roles to our admin users such that only
>>> the "Manage > Groups" and "Manage > Users" tab show up in the realm admin
>>> console: 'manage-users', 'query-groups', 'query-users', and 'view-users'.
>>>
>>> However, with the new upgrade to 4.7.0 these admin users with the same
>>> realm-management roles assigned can no longer access the realm admin
>>> console and they see a 403 Forbidden error page.
>>>
>>> Has anyone run into this issue recently, or are there some new realm
>>> management roles added in 4.7.0 that we need to re-configure?
>>>
>>> Best regards,
>>> Mandy
>>>
>>> --
>>> Mandy Fung | Software Engineer 1 | Tasktop
>>> email: mandy.fung at tasktop.com
>>
>


-- 

Regards,
Geoffrey Cleaves
