Keycloak Admin API: Unable to create a realm

Question

I want to create a realm in Keycloak using the REST Admin APIs. Below is what I have done until now

• In the master realm, create a new client custom-admin-api .

• In the Service accounts roles of the client, assign the role of realm-admin.

• Generate the access_token using the client-id and client-secret. The token has the below roles.

  {"resource_access":{"realm-management":{"roles":["view-identity-providers","view-realm","manage-identity-providers","impersonation","realm-admin","create-client","manage-users","query-realms","view-authorization","query-clients","query-users","manage-events","manage-realm","view-events","view-users","view-clients","manage-authorization","manage-clients","query-groups"]}}}
  

• Create the realm. I get an error response.

curl --location 'https://my-keycloak/auth/admin/realms' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer e...mFGA' \
--data '{
  "realm": "test",
  "displayName": "Test",
  "enabled": true
}'

403
{"error":"unknown_error"}

Can anyone guide me on what changes I need to make to create a new Realm?

Note: I'm able to create new users with the same access_token.

Answer 1

This way can do create realm by user's token

1. In the master realm, create custom-admin-api client

And 'create-role` with create-realm.

Role name: create-realm
Description: ${role_create-realm}

1. In the master realm, create a new power-user (password: 1234).

And Assign Role with create-realm

After Assign

Create Realm by Postman

Step 1. Tests Tab, setting

var jsonData = JSON.parse(responseBody);
postman.setEnvironmentVariable("power-token", jsonData.access_token);

Step 2. Body Setting

Step 3 Get access-token URL

POST http://localhost:8080/auth/realms/master/protocol/openid-connect/token

Step 5 Create Realm

Setting Token

Body

{"realm":"demo-realm","enabled":true}

Result

Create Realm by Curl

Get access token at Git Bash

POWER_TOKEN=$(curl --silent --location --request POST "http://localhost:8080/auth/realms/master/protocol/openid-connect/token" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=power-user' \
--data-urlencode 'password=1234' \
--data-urlencode 'client_id=admin-cli' | jq -r '.access_token')

Print access token

echo $POWER_TOKEN

Create realm

curl --silent --show-error -L -X POST "http://localhost:8080/auth/admin/realms" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer ""$POWER_TOKEN" \
--data '{"realm":"demo-realm-2","enabled":true}'

Result