<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hi,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">From version 1.9.4 and above I can't access the admin console with realm admin user.<o:p></o:p></p>
<p class="MsoNormal">The realm admin user is a specific realm admin, it was created in the master realm and his only roles are the client (the realm) roles.<o:p></o:p></p>
<p class="MsoNormal">I am getting the below exception and it look like it's not a bug (see RealmsAdminResource.java line 114), if so how am I supposed to create an admin only for a realm ?
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Also what about realm admins created in versions 1.9.3 could they still access the admin console if KeyCloak will be upgraded ?<o:p></o:p></p>
<p class="MsoNormal"><span style="color:#4472C4"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#4472C4">2016-06-07 17:09:09,962 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-79) RESTEASY002005: Failed executing GET /admin/realms: org.keycloak.services.ForbiddenException<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#4472C4"> at org.keycloak.services.resources.admin.RealmsAdminResource.addRealmRep(RealmsAdminResource.java:114)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#4472C4"> at org.keycloak.services.resources.admin.RealmsAdminResource.getRealms(RealmsAdminResource.java:102)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#4472C4"><o:p> </o:p></span></p>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal">Haim.<o:p></o:p></p>
</div>
The information contained in this message is proprietary to the sender, protected from disclosure, and may be privileged. The information is intended to be conveyed only to the designated recipient(s) of the message. If the reader of this message is not the
intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to
the message and deleting it from your computer. Thank you.
</body>
</html>