Exclude a user with realm-management role from keycloak's password policy

Question

I have a user with Client Roles realm-management in a realm which contains password policy. I want to exclude this user from the password policy since I use this user to do some operation fetch the roles get all the user via Java API and I don't want all the operation to be drop when the password needs to be updated. I tried to use the admin user from the master realms but I did not get any result

Any ideas?

Answer 1

When you create a realm in keycloak with password policy and you want to exclude the admin user from this policy do this follow these steps :

When a user creates new realm e.g "FooRealm" keycloak adds sibling client inside the master realm with a suffix -realm, in this case, we will see FooRealm-realm

1- Inside this client, FooRealm-realm do those changes

• access type = confidential
• Standard Flow Enables = ON Direct Access
• Grants Enables = ON

2- Create user inside the master realm, In user details, go to:

• Role Mappings >> Clients Roles and from the dropdown menu select the sibling client (FooRealm-realm) and make sure it is own all the roles inside

3- Now To fetch all the user from the Slave realm FooRealm

Keycloak keycloak = KeycloakBuilder.builder()
        .serverUrl("http://localhost/auth")
        .realm("master")
        .grantType(OAuth2Constants.PASSWORD)
        .clientId(FooRealm-realm)
        .clientSecret("7f0080cf-xxxx-xxxxx-9115-xxxxxxxxxx")
        .username("sysadmin")
        .password("x123456")
        .build();
RealmResource realmResource = keycloak.realm("FooRealm");

realmResource.users().list(0, 1000);