Recently I tried using Keycloak for IAM on my new website. I could log in just fine but couldn’t create any users.
I use a client to do all the tasks with Keycloak. After a few hours of searching, I found out that the client was missing the
manage-users role. That’s why it couldn’t create any users even though I had my Java code set up correctly.
So, what’s the fix?
The fix turned out to be very simple.
Here are the steps:
First, log in to your realm, select your client and go to Service Account Roles.
You’ll see something like this:
So, the magic is to select realm-management in the Client Roles select box and add the manage-users role to your service account.
That’s all you need to do to avoid 403 when creating users with Keycloak.
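To confirm the role actually reached your client, you can decode the access token it receives and look for manage-users under resource_access.realm-management.roles. The script below is an added example, not code from the original post; it assumes Keycloak's default role mappers put client roles in the token, skips signature verification because it is only a diagnostic, and uses constructed sample tokens and illustrative helper names.

```python
import base64
import json

# Client and role named in the post.
ADMIN_CLIENT = "realm-management"
REQUIRED_ROLE = "manage-users"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(access_token: str) -> dict:
    """Return the JWT payload. The signature is NOT verified: diagnostic use only."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def client_roles(claims: dict, client_id: str) -> set:
    """Client roles sit under resource_access.<client_id>.roles (default mappers assumed)."""
    return set(claims.get("resource_access", {}).get(client_id, {}).get("roles", []))


def can_create_users(access_token: str) -> bool:
    return REQUIRED_ROLE in client_roles(decode_claims(access_token), ADMIN_CLIENT)


def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed for this example, not real output)."""
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([b64url(json.dumps(header).encode()),
                     b64url(json.dumps(claims).encode()),
                     "signature-placeholder"])


# Constructed samples: the service account before and after the role is assigned.
BEFORE = constructed_token({"azp": "my-client",
                            "resource_access": {"account": {"roles": ["view-profile"]}}})
AFTER = constructed_token({"azp": "my-client",
                           "resource_access": {ADMIN_CLIENT: {"roles": [REQUIRED_ROLE]}}})

if __name__ == "__main__":
    for label, token in (("before", BEFORE), ("after", AFTER)):
        verdict = "has manage-users" if can_create_users(token) else "missing manage-users"
        print(f"{label}: {verdict}")
```

Request a fresh token after changing the role assignment, since a token issued earlier still carries the old role list.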