This is an automated email from the ASF dual-hosted git repository.
yasithdev pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
The following commit(s) were added to refs/heads/master by this push:
new c20929fd4d seed(keycloak): grant default-admin realm-management roles
(#685)
c20929fd4d is described below
commit c20929fd4dafed81e3430aeaac462392077d3b00
Author: Yasith Jayawardana <[email protected]>
AuthorDate: Sat Jun 13 22:28:41 2026 -0400
seed(keycloak): grant default-admin realm-management roles (#685)
The dev realm's default-admin had the admin-rw role but no realm-management
client roles, so server-side IAM operations that call the Keycloak admin API
with the admin's token (e.g. IamAdminService.getUsers backing /admin/users)
returned HTTP 403. Production gateway admins receive all realm-management
roles
via createTenantAdminAccount; mirror that for the dev admin by granting the
realm-management realm-admin composite.
---
conf/keycloak/realm-default.json | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/conf/keycloak/realm-default.json b/conf/keycloak/realm-default.json
index 037d879454..202676f92b 100644
--- a/conf/keycloak/realm-default.json
+++ b/conf/keycloak/realm-default.json
@@ -595,6 +595,11 @@
"default-roles-10000000",
"admin-rw"
],
+ "clientRoles": {
+ "realm-management": [
+ "realm-admin"
+ ]
+ },
"notBefore": 0,
"groups": []
},
