diff --git a/services/src/main/java/org/keycloak/services/clientregistration/ClientRegistrationAuth.java b/services/src/main/java/org/keycloak/services/clientregistration/ClientRegistrationAuth.java
index 8434593..5dc7285 100644
--- a/services/src/main/java/org/keycloak/services/clientregistration/ClientRegistrationAuth.java
+++ b/services/src/main/java/org/keycloak/services/clientregistration/ClientRegistrationAuth.java
@@ -17,7 +17,9 @@
package org.keycloak.services.clientregistration;
+import com.sun.xml.bind.v2.runtime.reflect.opt.Const;
import org.jboss.resteasy.spi.UnauthorizedException;
+import org.keycloak.Config;
import org.keycloak.common.util.Time;
import org.keycloak.events.Errors;
import org.keycloak.events.EventBuilder;
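Review bot: The added `import com.sun.xml.bind.v2.runtime.reflect.opt.Const;` on the second line of the hunk is a stray IDE auto-import of a JAXB implementation-internal class; nothing in the visible hunks references `Const`, and binding to that package makes the class fail to load on a runtime where that JAXB implementation is absent. It should simply be dropped. The `import java.util.LinkedList;` added in the following hunk likewise has no visible use (`roles` is declared as `List<String>` and never instantiated here); if the rest of the file does not use it either, remove it too.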
@@ -28,6 +30,7 @@ import org.keycloak.util.TokenUtil;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.UriInfo;
+import java.util.LinkedList;
import java.util.List;
import java.util.Map;
@@ -39,6 +42,7 @@ public class ClientRegistrationAuth {
private KeycloakSession session;
private EventBuilder event;
+ private RealmModel realm;
private JsonWebToken jwt;
private ClientInitialAccessModel initialAccessModel;
@@ -50,7 +54,7 @@ public class ClientRegistrationAuth {
}
private void init() {
- RealmModel realm = session.getContext().getRealm();
+ realm = session.getContext().getRealm();
UriInfo uri = session.getContext().getUri();
String authorizationHeader = session.getContext().getRequestHeaders().getRequestHeaders().getFirst(HttpHeaders.AUTHORIZATION);
@@ -174,18 +178,25 @@ public class ClientRegistrationAuth {
return false;
}
- Map<String, List<String>> realmManagement = resourceAccess.get(Constants.REALM_MANAGEMENT_CLIENT_ID);
- if (realmManagement == null) {
- return false;
+ List<String> roles = null;
+
+ Map<String, List<String>> map;
+ if (realm.getName().equals(Config.getAdminRealm())) {
+ map = resourceAccess.get(realm.getMasterAdminClient().getClientId());
+ } else {
+ map = resourceAccess.get(Constants.REALM_MANAGEMENT_CLIENT_ID);
+ }
+
+ if (map != null) {
+ roles = map.get("roles");
}
- List<String> resources = realmManagement.get("roles");
- if (resources == null) {
+ if (roles == null) {
return false;
}
for (String r : role) {
- if (resources.contains(r)) {
+ if (roles.contains(r)) {
return true;
}
}
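Review bot: On the master-realm branch `realm.getMasterAdminClient()` is dereferenced without a null check, and `realm` is an instance field that is only assigned in `init()`, so a call path reaching this check before `init()` or with no master admin client ends in a NullPointerException rather than the clean `return false` the surrounding code uses for every other missing piece. A defensive form is `ClientModel masterAdmin = realm.getMasterAdminClient(); map = masterAdmin == null ? null : resourceAccess.get(masterAdmin.getClientId());` — whether the model can actually return null here should be confirmed against RealmModel. The `roles`/`map` handling can also collapse to `List<String> roles = map == null ? null : map.get("roles");`, which removes the `null` pre-initialisation. The enclosing method starts and ends outside the hunk.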
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
index 73e79c5..70bfed0 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
@@ -19,8 +19,10 @@ package org.keycloak.testsuite.client;
import org.junit.Test;
import org.keycloak.client.registration.Auth;
+import org.keycloak.client.registration.ClientRegistration;
import org.keycloak.client.registration.ClientRegistrationException;
import org.keycloak.client.registration.HttpErrorException;
+import org.keycloak.models.Constants;
import org.keycloak.representations.idm.ClientRepresentation;
import javax.ws.rs.NotFoundException;
@@ -57,6 +59,23 @@ public class ClientRegistrationTest extends AbstractClientRegistrationTest {
}
@Test
+ public void registerClientInMasterRealm() throws ClientRegistrationException {
+ ClientRegistration masterReg = ClientRegistration.create().url(suiteContext.getAuthServerInfo().getContextRoot() + "/auth", "master").build();
+
+ String token = oauthClient.getToken("master", Constants.ADMIN_CLI_CLIENT_ID, null, "admin", "admin").getToken();
+ masterReg.auth(Auth.token(token));
+
+ ClientRepresentation client = new ClientRepresentation();
+ client.setClientId(CLIENT_ID);
+ client.setSecret(CLIENT_SECRET);
+
+ ClientRepresentation createdClient = masterReg.create(client);
+ assertNotNull(createdClient);
+
+ adminClient.realm("master").clients().get(createdClient.getId()).remove();
+ }
+
+ @Test
public void registerClientAsAdminWithCreateOnly() throws ClientRegistrationException {
authCreateClients();
registerClient();
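Review bot: `registerClientInMasterRealm` exercises only the allow path of the new master-realm branch — an admin-cli token for the built-in `admin` user — so a regression that accepts any master-realm token for client creation would still pass. A companion test that obtains a master-realm token for a user without the relevant admin roles and asserts that `masterReg.create(client)` fails with `ClientRegistrationException` would pin the deny path, which is the part the authorization change is about. It would also help to assert what was created, e.g. `assertEquals(CLIENT_ID, createdClient.getClientId());` before the removal, rather than relying on the `remove()` lookup alone. `registerClientAsAdminWithCreateOnly` continues outside the hunk.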