Berg
May 3, 2024, 2:17pm
1
Hello,
I am populating my OR instances using the REST API.
One of the things is adding auto-provisioning configurations.
The manager log shows that only users with super admin role can do this.
I create the user that can access the API in the KeyCloakSetup script.
I’m able to create all rights such as ClientRole.READ_ASSETS, ClientRole.WRITE_ASSETS etc. (as found in the demo keycloaksetup scripts), but am unable to find how I can mark it as super admin, any tips?
Thanks in advance
Berg
May 3, 2024, 3:25pm
2
To answer my own question again:
The command is: keycloakProvider.isMasterRealmAdmin(#username #.getId())
As the super admin possibility seems only an option for the master realm.
1 Like
Berg
May 13, 2024, 3:04pm
3
Coming back to this topic, the fix above does not seem to work, it seems it is a read only variable.
Still looking for a solution, trying to avoid manual setup steps at all cost
The exception that gets thrown:
manager/src/main/java/org/openremote/manager/provisioning/ProvisioningResourceImpl.java
    @Override
    public long createProvisioningConfig(ProvisioningConfig<?, ?> provisioningConfig) {
        if (!isSuperUser()) {
            throw new ForbiddenException("Only super admin can create provisioning configurations");
        }
        provisioningConfig = provisioningService.merge(provisioningConfig);
        return provisioningConfig.getId();
    }
Rich
May 13, 2024, 7:42pm
4
Super admin means has realm role admin and is a user in the master realm; you can alter realm roles like this:
            .setUsername("serviceuser2");
        serviceUser2 = keycloakProvider.createUpdateUser(realmBuilding.getName(), serviceUser2, UniqueIdentifierGenerator.generateId("serviceuser2test"), true);
        keycloakProvider.updateUserRoles(
            realmBuilding.getName(),
            serviceUser2.getId(),
            Constants.KEYCLOAK_CLIENT_ID,
            Stream.of(ClientRole.READ_ASSETS, ClientRole.WRITE_ASSETS, ClientRole.WRITE_ATTRIBUTES).map(ClientRole::getValue).toArray(String[]::new)
        );
        // ################################ Make users restricted ###################################
        ManagerIdentityProvider identityProvider = identityService.getIdentityProvider();
        identityProvider.updateUserRealmRoles(realmBuilding.getName(), testuser3Id, identityProvider.addRealmRoles(realmBuilding.getName(), testuser3Id, RESTRICTED_USER_REALM_ROLE));
        identityProvider.updateUserRealmRoles(realmBuilding.getName(), buildingUserId, identityProvider.addRealmRoles(realmBuilding.getName(), buildingUserId, RESTRICTED_USER_REALM_ROLE));
        identityProvider.updateUserRealmRoles(realmBuilding.getName(), serviceUser2.getId(), identityProvider.addRealmRoles(realmBuilding.getName(), serviceUser2.getId(), RESTRICTED_USER_REALM_ROLE));
    }
}
You can use the Constants.MASTER_REALM_ADMIN_USER string for the admin role.
Hope this helps
Berg
May 14, 2024, 9:29am
5
That’s it Rich, thanks!
    ManagerIdentityProvider identityProvider = identityService.getIdentityProvider();
    identityProvider.updateUserRealmRoles(realmMaster.getName(), serviceuser.getId(), identityProvider.addRealmRoles(realmMaster.getName(), serviceuser.getId(), Constants.MASTER_REALM_ADMIN_USER));
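One way to confirm the result once the setup script has run, as an added example that is not part of the thread or of OpenRemote's code: it decodes a service user's Keycloak access token and checks the two conditions described above (issued by the master realm, realm role admin present). The claim layout (`iss` ending in `/realms/<realm>`, `realm_access.roles`) is the standard Keycloak one; the host name, user name, sample tokens and function names are constructed for illustration, and the signature is not verified because the script only inspects claims.

```python
import base64
import json

MASTER_REALM = "master"     # realm named in the thread
ADMIN_REALM_ROLE = "admin"  # realm role named in the thread


def decode_claims(token: str) -> dict:
    """Return the JWT payload. The signature is NOT verified: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def is_super_admin(claims: dict) -> bool:
    """True only if the token is from the master realm AND has realm role admin."""
    issuer = str(claims.get("iss", "")).rstrip("/")
    realm = issuer.rsplit("/realms/", 1)[1] if "/realms/" in issuer else ""
    roles = (claims.get("realm_access") or {}).get("roles") or []
    return realm == MASTER_REALM and ADMIN_REALM_ROLE in roles


def constructed_token(realm: str, realm_roles: list, client_roles: list) -> str:
    """Build an unsigned sample token (constructed data, not from a real server)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {
        "iss": f"https://openremote.example/auth/realms/{realm}",
        "preferred_username": "service-account-serviceuser",
        "realm_access": {"roles": realm_roles},
        "resource_access": {"openremote": {"roles": client_roles}},
    }
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])


def audit() -> dict:
    samples = {
        "master, realm role admin": constructed_token("master", ["admin"], []),
        "other realm, realm role admin": constructed_token("building", ["admin"], []),
        "master, client roles only": constructed_token("master", [], ["write:assets"]),
    }
    return {name: is_super_admin(decode_claims(tok)) for name, tok in samples.items()}


if __name__ == "__main__":
    for name, result in audit().items():
        print(f"{name}: super admin = {result}")
```

The same check run over every service user's token shows which accounts hold super admin, which is worth reviewing since that role bypasses the per-client role restrictions set earlier in the script.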
system
Closed
June 13, 2024, 9:30am
6
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.