Keycloak Admin API: Unable to create a realm

I want to create a realm in Keycloak using the REST Admin APIs. Below is what I have done so far:

  • In the master realm, create a new client custom-admin-api.

  • In the Service accounts roles of the client, assign the role of realm-admin.

  • Generate the access_token using the client-id and client-secret. The token has the below roles.

  • Create the realm. I get an error response.

curl --location 'https://my-keycloak/auth/admin/realms' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer e...mFGA' \
--data '{
  "realm": "test",
  "displayName": "Test",
  "enabled": true
}'

Can anyone guide me on what changes I need to make to create a new Realm?

Note: I'm able to create new users with the same access_token.


  • This way you can create a realm with a user's token

    1. In the master realm, create custom-admin-api client

    And 'create-role' with create-realm.

    Role name: create-realm
    Description: ${role_create-realm}

    2. In the master realm, create a new power-user (password: 1234).

    And Assign Role with create-realm

    After Assign

    Create Realm by Postman

    Step 1. Tests Tab, setting

    var jsonData = JSON.parse(responseBody);
    postman.setEnvironmentVariable("power-token", jsonData.access_token);

    Step 2. Body Setting

    Step 3 Get access-token URL

    POST http://localhost:8080/auth/realms/master/protocol/openid-connect/token

    Step 5 Create Realm

    Setting Token

    Create Realm by Curl

    Get access token in Git Bash

    POWER_TOKEN=$(curl --silent --location --request POST "http://localhost:8080/auth/realms/master/protocol/openid-connect/token" \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=password' \
    --data-urlencode 'username=power-user' \
    --data-urlencode 'password=1234' \
    --data-urlencode 'client_id=admin-cli' | jq -r '.access_token')

    Print access token

    echo $POWER_TOKEN

    Create realm

    curl --silent --show-error -L -X POST "http://localhost:8080/auth/admin/realms" \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer $POWER_TOKEN" \
    --data '{"realm":"demo-realm-2","enabled":true}'
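
An added example (not part of the original question or answer): before calling POST /admin/realms, decode the access token locally and check whether the create-realm realm role that the answer assigns appears under realm_access.roles, where Keycloak lists realm-level roles; client roles are listed separately under resource_access. The sample tokens and the sample-client name are constructed placeholders, and the signature is not verified, so this is for inspection only.

```python
import base64
import json

REQUIRED_ROLE = "create-realm"  # realm role the answer assigns to power-user


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Return the JWT payload as a dict. No signature check: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def role_report(token: str) -> dict:
    """Split the token's roles into realm-level and per-client roles."""
    claims = decode_claims(token)
    realm_roles = claims.get("realm_access", {}).get("roles", [])
    client_roles = {
        client: access.get("roles", [])
        for client, access in claims.get("resource_access", {}).items()
    }
    return {
        "realm_roles": realm_roles,
        "client_roles": client_roles,
        "has_create_realm": REQUIRED_ROLE in realm_roles,
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo below."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{header}.{body}.constructed-signature"


# Constructed sample claims, not taken from the page; "sample-client" is a placeholder.
SERVICE_ACCOUNT = make_sample_token(
    {"azp": "custom-admin-api",
     "resource_access": {"sample-client": {"roles": ["realm-admin"]}}})
POWER_USER = make_sample_token(
    {"azp": "admin-cli", "realm_access": {"roles": ["create-realm"]}})

if __name__ == "__main__":
    for name, tok in [("service account", SERVICE_ACCOUNT), ("power-user", POWER_USER)]:
        print(name, role_report(tok))
```

To inspect a real token, pass the value of $POWER_TOKEN to role_report instead of the constructed samples.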
