When you create a realm in Keycloak with a password policy and you want to exclude the admin user from this policy, follow these steps:
When a user creates a new realm, e.g. "FooRealm", Keycloak adds a sibling client inside the master realm with the suffix -realm; in this case, we will see FooRealm-realm.
1- Inside this client, FooRealm-realm, make these changes:
- Access Type = confidential
- Standard Flow Enabled = ON
- Direct Access Grants Enabled = ON
2- Create a user inside the master realm. In the user details, go to:
- Role Mappings >> Client Roles, and from the dropdown menu select the sibling client
(FooRealm-realm) and make sure the user owns all the roles inside it
3- Now, to fetch all the users from the slave realm FooRealm:
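import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.RealmResource;

// Authenticate against the master realm through the sibling client
Keycloak keycloak = KeycloakBuilder.builder()
    .serverUrl("http://localhost/auth")
    .realm("master")
    .grantType(OAuth2Constants.PASSWORD)
    .clientId("FooRealm-realm")
    .clientSecret("7f0080cf-xxxx-xxxxx-9115-xxxxxxxxxx")
    .username("sysadmin")
    .password("x123456")
    .build();
// The token comes from master, but the query runs against FooRealm
RealmResource realmResource = keycloak.realm("FooRealm");
realmResource.users().list(0, 1000);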
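Steps 1 and 2 can also be scripted with the same admin client instead of the console. This is an added example, not part of the original post; the admin-cli login, the KC_* environment variable names, the class name and the javax.ws.rs import (older client versions, matching the /auth URL above) are assumptions.

```java
import java.util.List;
import javax.ws.rs.core.Response; // assumption: older client; newer ones use jakarta.ws.rs
import org.keycloak.admin.client.CreatedResponseUtil;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

public class SetupRealmAdmin { // hypothetical class name
    public static void main(String[] args) {
        // Assumption: an existing master-realm administrator, read from the environment.
        Keycloak admin = KeycloakBuilder.builder()
                .serverUrl("http://localhost/auth")
                .realm("master")
                .clientId("admin-cli")
                .username(System.getenv("KC_ADMIN_USER"))
                .password(System.getenv("KC_ADMIN_PASSWORD"))
                .build();
        RealmResource master = admin.realm("master");
        // Step 1: "confidential" means neither bearer-only nor public; enable both flows.
        ClientRepresentation client = master.clients().findByClientId("FooRealm-realm").get(0);
        client.setBearerOnly(false);
        client.setPublicClient(false);
        client.setStandardFlowEnabled(true);
        client.setDirectAccessGrantsEnabled(true);
        master.clients().get(client.getId()).update(client);
        // Step 2: create the user in master (getCreatedId throws unless the reply is 201).
        UserRepresentation user = new UserRepresentation();
        user.setUsername("sysadmin");
        user.setEnabled(true);
        Response created = master.users().create(user);
        String userId = CreatedResponseUtil.getCreatedId(created);
        created.close();
        CredentialRepresentation password = new CredentialRepresentation();
        password.setType(CredentialRepresentation.PASSWORD);
        password.setValue(System.getenv("KC_SYSADMIN_PASSWORD"));
        password.setTemporary(false);
        master.users().get(userId).resetPassword(password);
        // Map every role of the sibling client, as step 2 describes; filter this list
        // (for example to view-users) if the account only needs to read users.
        List<RoleRepresentation> roles = master.clients().get(client.getId()).roles().list();
        master.users().get(userId).roles().clientLevel(client.getId()).add(roles);
        admin.close();
    }
}
```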