Closed
Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
admin/ui
Describe the bug
When a user without realm management permissions logs into a non-master realm's admin console and clicks the "Home" button on the "You don't have permission" screen, they are incorrectly redirected to the master realm's login page instead of staying within their own realm's context.
Version
26.2.0
Regression
- The issue is a regression
Expected behavior
When clicking the "Home" button on the "You don't have permission" screen in a non-master realm's admin console, the user should be redirected to the login page of the current realm (the non-master realm they were in).
Actual behavior
When clicking the "Home" button on the "You don't have permission" screen in a non-master realm's admin console, the user is incorrectly redirected to the master realm's login page.
How to Reproduce?
- Create a second realm (e.g., "test-realm")
- Create a new user in "test-realm"
- Do not assign any realm management permissions to this user
- Log in to the admin console of "test-realm" with the new user's credentials
- Observe the "You don't have permission" screen
- Click the "Home" button
- Observe that you are redirected to the master realm's login page instead of staying in "test-realm"
Anything else?
- Issue verified in both Keycloak 26.2.0 and 26.1.5
- This behavior creates confusion for users and breaks the realm isolation principle, as users from one realm should not be redirected to another realm's context