Keycloak 403 realm users query
I'm using keycloak with spring security as resource server with OAuth2, i created a user in this realm, and when this user tries to query the other users I get this :
403 Forbidden on GET request for "http://localhost:8282/admin/realms/master/users"
From what I found on the internet, there's a suggestion to either get the admin token but I'm not sure about the secure part ... or assign for each user the role to query users but this would be rather annoying to do for each user ... any idea what would be the best and secure way to this ?
Other than query the other users, the user can change some of his information and that's all
5 Replies
⌛ This post has been reserved for your question.
Hey @Santo! Please useTIP: Narrow down your issue to simple and precise questions to maximize the chance that others will reply in here./closeor theClose Postbutton above when your problem is solved. Please remember to follow the help guidelines. This post will be automatically marked as dormant after 300 minutes of inactivity.
i mean the url is for admins only
so its either admin
or you have to make a new role
that gives access to view users
thats my guess at least
I have to manually assign the role to each user or is there a way to make it by default ?
Help Guidelines
1. Don't ask questions like "Can I ask ...?" or "Can someone help me?". It's easier for everyone involved if you provide a detailed description of your problem up-front; this makes it more likely for helpers to want to help, and more likely that you'll get an answer quickly. Please provide code snippets and error messages (if any) to help us help you!
2. Please create a post in <#1023632039829831811> for your questions. Do not use other people's posts for your questions.
3. You may use the
/help ping command if your question is urgent.
Abusing this will result in warnings and/or a ban.
4. Do not ask for help with exams or homework. You may ask for help with understanding individual concepts and parts of a question, but homework and exam questions that show little effort on your part will most likely go unanswered and may be removed.
5. Do not ask your question if you didn't at least try to solve the problem yourself, are ignorant, or, instead of trying to improve, ask repeating, simple, questions.
6. Format your code using Discord's triple-backtick syntax.
7. For reasons similar to those of Stack Overflow, we currently do not allow content created by ChatGPT while helping other people. You may still share its content, when you are not helping somebody and are not looking to deceive others, for example when discussing ChatGPT and its technology.
Post Closed
This post has been closed by <@231028402025529344>.