  1. RH-SSO
  2. RHSSO-1301

[7.2.z] User with "manage-users" role can self-assign the "realm-admin" role to have full administrative control of the realm configuration


This is a regression of KEYCLOAK-528, which was marked as fixed in Keycloak 3.2.0.CR1.

A customer using the RH-SSO 7.2.0.GA release for OpenShift image reported the same.

I have reproduced the issue internally on RH-SSO 7.2.1 as well.

The issue seems to only work when using the master realm. But it is still reproducible if another 'test' realm is used in RH-SSO 7.2.

Please refer to the attached screenshot captures that show the behavior.

              hmlnarik@redhat.com Hynek Mlnařík (Inactive)
              rhn-support-igueye Issa Gueye