And doing as I suggested (builder object with Master, create user realm) with SpringBootKeycloak) causes a 404 error on the create user line. So that is not right either. And using "Master" throughout also fails with a 404 error. Interestingly, setting realm back to SpringBootKeycloak and using an incorrect password for admincloak still causes a 401 (unauthorized) error on the create user line. Not on the keycloak builder line. Is that a design error in the api? It does seem inherently wrong to not return an exception if the incorrect user credentials are input. ------ Original Message ------ From: "Tony Harris" <Tony.Harris(a)oneadvanced.com&gt; To: "John Norris" <johnnorris-10(a)outlook.com>; &quot;keycloak-user(a)lists.jboss.org&quot; <keycloak-user(a)lists.jboss.org&gt; Sent: 04/12/2019 17:35:01 Subject: RE: create user via java api >If you look under the Users Role mapping tab, and select the client Roles for realm-management you will find all the roles there. > > _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user