Creating super admin via setup scripts

Hello,

I am populating my OR instances using the REST API.
One of the things is adding auto-provisioning configurations.
The manager log shows that only users with super admin role can do this.

I create the user that can access the API in the KeyCloakSetup script.
I’m able to create all rights such as ClientRole.READ_
ASSETS, ClientRole.WRITE_ASSETS etc. (as found in the demo keycloaksetup scripts) , but am unable to find how i can mark it as super admin, any tips?

Thanks in advance

To answer my own question again:

The command is: keycloakProvider.isMasterRealmAdmin(#username#.getId())

As the super admin possibility seems only an option for the master realm.

1 Like

Coming back to this topic, the fix above does not seem to work, it seems it is a read only variable.

Still looking for a solution, trying to avoid manual setup steps at all cost :wink:

The exceptions that gets thrown:

manager/src/main/java/org/openremote/manager/provisioning/ProvisioningResourceImpl.java

@Override

public long createProvisioningConfig(ProvisioningConfig<?, ?> provisioningConfig) {

if (!isSuperUser()) {

throw new ForbiddenException(“Only super admin can create provisioning configurations”);

}

provisioningConfig = provisioningService.merge(provisioningConfig);

return provisioningConfig.getId();

Super admin means has realm role admin and is a user in the master realm; you can alter realm roles like this:

You can use the Constants.MASTER_REALM_ADMIN_USER string for the admin role.

Hope this helps

That’s it rich, thanks!

        ManagerIdentityProvider identityProvider = identityService.getIdentityProvider();
                  identityProvider.updateUserRealmRoles(realmMaster.getName(), serviceuser.getid(), identityProvider.addRealmRoles(realmMaster.getName(), serviceuser.getid(), Constants.MASTER_REALM_ADMIN_USER));