[keycloak-user] 403 Forbidden error when trying to access realm admin console in 4.7.0
Mandy Fung
mandy.fung at tasktop.com
Thu Dec 27 12:08:08 EST 2018
Thanks, I have created a new bug report in Jira:
https://issues.jboss.org/browse/KEYCLOAK-9177
On Tue, Dec 25, 2018 at 6:39 AM Geoffrey Cleaves <geoff at opticks.io> wrote:
> I think you should open a bug report. I agree with you that it does not
> make sense to expose those other config settings (even if limited to
> read-only.) Post the ticket here and I'll vote for it.
>
> On Mon, 24 Dec 2018 at 17:14, Mandy Fung <mandy.fung at tasktop.com> wrote:
>
>> Thanks for the reply! This indeed allowed the user to access the realm
>> console. However, this also exposed other configurations that we do not
>> wish the admin users to see such as configuring the Realm Settings, Roles,
>> User Federation, and Authentication.
>>
>> Is there another configuration that would allow the user to access the
>> admin console and only expose the manage groups and users tab?
>>
>> Thanks again,
>> Mandy
>>
>> On Sat, Dec 22, 2018 at 2:00 PM Geoffrey Cleaves <geoff at opticks.io>
>> wrote:
>>
>>> When I was messing with granular permissions recently I had to give the
>>> view-realm role in order to log into the Admin Console.
>>>
>>> On Fri, Dec 21, 2018, 19:29 Mandy Fung <mandy.fung at tasktop.com wrote:
>>>
>>>> Hello,
>>>>
>>>> We've recently upgraded from 4.5.0 to 4.7.0 and users can no longer
>>>> access
>>>> the dedicated realm admin console (/auth/admin/{realm}/console) with the
>>>> same realm-management roles that they had in 4.5.0.
>>>>
>>>> We only want our admin users to manage users and groups and in 4.5.0 we
>>>> were able to assign the following roles to our admin users such that
>>>> only
>>>> the "Manage > Groups" and "Manage > Users" tab show up in the realm
>>>> admin
>>>> console: 'manage-users', 'query-groups', 'query-users', and
>>>> 'view-users'.
>>>>
>>>> However, with the new upgrade to 4.7.0 these admin users with the same
>>>> realm-management roles assigned can no longer access the realm admin
>>>> console and they see a 403 Forbidden error page.
>>>>
>>>> Has anyone run into this issue recently or if there are some new realm
>>>> management roles added in 4.7.0 that we need to re-configure?
>>>>
>>>> Best regards,
>>>> Mandy
>>>>
>>>> --
>>>>
>>>>
>>>> *Mandy Fung **|* Software Engineer 1 *| *Tasktop
>>>>
>>>> *email: *mandy.fung at tasktop.com
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>
>> --
>>
>>
>> *Mandy Fung **|* Software Engineer 1 *| *Tasktop
>>
>> *email: *mandy.fung at tasktop.com
>>
>
>
> --
>
> Regards,
> Geoffrey Cleaves
>
>
>
>
>
>
--
*Mandy Fung **|* Software Engineer 1 *| *Tasktop
*email: *mandy.fung at tasktop.com
More information about the keycloak-user
mailing list