I've spotted a few issues with the admin console: Roles are retrieved directly from UserModel instead of token - this will cause it to bypass scope for app/client. https://issues.jboss.org/browse/KEYCLOAK-484 Once in a while the page is empty when opening the admin console - this is caused by WhoAmI request not being completed before the page is displayed. I think the solution to this is to remove WhoAmI and use information from the token instead. When a realm is created/deleted we should redirect to login page to retrieve a new token (this will be required for the above any ways). https://issues.jboss.org/browse/KEYCLOAK-482 I can look at fixing these tomorrow