Since upgrading to 3.2.0.Final, my client is not able to create clients in a realm it just created. This was working before with 3.1.0.Final and earlier versions as well.
I wrote a small program to demonstrate the problem.
Before running the program, you'll need to add the "testClient" to the master realm,
Access type: confidential
You will need to modify the code to change the CLIENT_SECRET constant to match your environment.
You'll also need to change the keycloak.version property in the pom.xml to match the version you're testing against.
When running with 3.2.0.Final, we get the following:
14:50:28,552 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-48) RESTEASY002005: Failed executing POST /admin/realms/testRealm/clients: org.keycloak.services.ForbiddenException
With 3.1.0.Final, the "testClient" is created successfully in the new testRealm.