Fix 403 Forbidden when creating users in Keycloak

Recently I tried using Keycloak as the IAM for my new website. I could log in just fine but couldn’t create any users.

I use a client to do all the tasks with Keycloak. After a few hours of searching, I found out that the client was missing the manage-users role. That’s why it couldn’t create any users even though my Java code was set up correctly.

So, what’s the fix?

The fix turned out to be very simple.

Here are the steps:

First, log in to your realm, select your client, and go to Service Account Roles.

You’ll see something like this:

So, the magic is to select realm-management in the Client Roles select box and add the manage-users role to your service account.

That’s all you need to do to avoid 403 when creating users with Keycloak.
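To confirm the fix took effect, you can inspect the access token your client receives and check that it carries the role. The following is an added example, not code from the original post (and in Python rather than the Java the client is written in); it assumes Keycloak's default token mapping, where client roles appear under `resource_access.<client>.roles`, and the client name `my-backend` and both sample tokens are constructed.

```python
import base64
import json

REQUIRED_CLIENT = "realm-management"
REQUIRED_ROLE = "manage-users"


def decode_claims(access_token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def client_roles(claims: dict, client: str = REQUIRED_CLIENT) -> set:
    """Client roles mapped into resource_access.<client>.roles (assumed default mapping)."""
    access = claims.get("resource_access") or {}
    return set((access.get(client) or {}).get("roles") or [])


def can_create_users(access_token: str) -> bool:
    """True when the token carries realm-management/manage-users."""
    return REQUIRED_ROLE in client_roles(decode_claims(access_token))


def _sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample tokens: before and after the role is assigned.
BEFORE = _sample_token({"azp": "my-backend", "resource_access": {"account": {"roles": ["view-profile"]}}})
AFTER = _sample_token({"azp": "my-backend", "resource_access": {"realm-management": {"roles": ["manage-users"]}}})

if __name__ == "__main__":
    for name, tok in (("before", BEFORE), ("after", AFTER)):
        print(name, sorted(client_roles(decode_claims(tok))), can_create_users(tok))
```

Request a fresh token after changing the role assignment; a token issued before the change still lacks the role until it expires.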
