Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-5152

Master admin cannot create composite roles in non-master realms

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 3.2.0.Final
    • Fix Version/s: 3.2.1.Final, 3.3.0.CR1
    • Component/s: None
    • Labels:
      None
    • Steps to Reproduce:
      1. create master admin user
      2. create another realm
      3. go to realm roles and create one
      4. turn it into composite and try to add any role to it
    • Docs QE Status:
      NEW
    • QE Status:
      ASSIGNED

      Description

      Starting with 3.2.0, master admin can't configure composite roles in other realms. When trying to add roles to a composite, an exception is thrown:

      2017-07-05 23:12:52,654 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-12) RESTEASY002005: Failed executing POST /admin/realms/foobar/roles-by-id/3e38af68-5aef-482c-868e-461f12e11592/composites: org.keycloak.services.ForbiddenException
              at org.keycloak.services.resources.admin.permissions.RolePermissions.requireMapComposite(RolePermissions.java:383)
              at org.keycloak.services.resources.admin.RoleResource.addComposites(RoleResource.java:70)
              at org.keycloak.services.resources.admin.RoleByIdResource.addComposites(RoleByIdResource.java:161)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:498)
              at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
      

      This used to work out of the box in versions prior to 3.2.0.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                bill.burke Bill Burke
                Reporter:
                dimitri.teleguin Dmitry Telegin
                Tester:
                Mark True
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: