<div dir="ltr">ok, i had to go to : <span style="font-size:13px">User1 |</span> ROLE MAPPING | APPLICATION ROLES | select the application : realm-management | add the role : realm-admin to my user and now it is working !<div><br></div><div>Questions : </div><div><br></div><div># 1 / Why is the application : realm-management involved in this ? In the example am using the application : <span style="font-size:13px">examples-admin-client which is completely different !</span></div><div><span style="font-size:13px"># 2 / When someone needs to administer a realm via the admin client which client id do you recommend using ? do we have to create a new client id (i mean application) or should we use some application created by default within the realm such as : realm-management on or : </span>security-admin-console ?</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Dec 30, 2014 at 6:08 PM, Alexander Chriztopher <span dir="ltr"><<a href="mailto:alexander.chriztopher@gmail.com" target="_blank">alexander.chriztopher@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Yes that option was activated for the realm !!</div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Dec 30, 2014 at 1:31 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Did you enable 'Direct Grant API' for your realm? If not open the admin console click on the realm -> settings -> login and toggle 'Direct Grant API' to ON<br>
<div><div><br>
----- Original Message -----<br>
> From: "Alexander Chriztopher" <<a href="mailto:alexander.chriztopher@gmail.com" target="_blank">alexander.chriztopher@gmail.com</a>><br>
> To: <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
> Sent: Friday, 19 December, 2014 4:06:56 PM<br>
> Subject: [keycloak-user] HTTP 403 Forbidden on Keycloak.getInstance<br>
><br>
> Hi,<br>
><br>
> I have a realm with an application called : examples-admin-client and would<br>
> like to use it to manage my realm but i get an error :<br>
> javax.ws.rs.ClientErrorException: HTTP 403 Forbidden every time i make the<br>
> following call :<br>
><br>
> Keycloak keycloak = Keycloak.getInstance(authServer, "realm-name", "User1",<br>
> "password", "examples-admin-client",<br>
> "a5890cdf-e1df-40c0-9d50-26ad2f7badde");<br>
><br>
> When i try to do the same thing with the example realm (i use the json<br>
> example-realm.json provided by the keycloak project) this works nicely<br>
> actually !<br>
><br>
> Btw, i can successfully login with the user : User1 with that password.<br>
><br>
> This is the json for my realm :<br>
><br>
> {<br>
> "realm": "realm-name",<br>
> "realm-public-key":<br>
> "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxwUIE6W3BZYlSxDPpwkknb2ObnrEsGMUJGy3HfNEfkfu9rcY5bxkllLsW32KlR78++xtuI11IE2nuh6nJmUsIKMb55Ez9n7/E9kPmSF6lxavZlQY0HfBnR3ZWgzsoUUz4n7pOhmqHIAGXeuxnMDQ5/upwcolFIZRor1v7oT/H8QIDAQAB",<br>
> "auth-server-url": " <a href="http://localhost:8080/auth" target="_blank">http://localhost:8080/auth</a> ",<br>
> "ssl-required": "none",<br>
> "resource": "examples-admin-client",<br>
> "credentials": {<br>
> "secret": "a5890cdf-e1df-40c0-9d50-26ad2f7badde"<br>
> }<br>
> }<br>
><br>
> Thanks for any help on this one !<br>
><br>
</div></div>> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>