
Admin UI defaults to master realm even without permissions to it #32847

@BreakBB


Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

admin/ui

Describe the bug

When logging into the admin UI (/admin/master/console/) with a user that has no permissions to view the master realm, the user is greeted with a "Network response was not OK." message because whoami?currentRealm=master returns a 403 Forbidden.

When then selecting the correct realm in the drop-down, the UI does not reload/change, while the URL does (/admin/master/console/#/test), and when clicking "Press here to refresh and continue", the default URL (/admin/master/console/) is refreshed, not the one of the just-selected realm.

Version

25.0.5

Regression

  • The issue is a regression

Expected behavior

I expect that the UI redirects to the first valid realm and does not fall back/stop to the default master realm when the user does not have access to it.

At least I would expect that selecting a valid realm in the drop-down refreshes the UI and actually loads the content of the requested realm (not just the navigation bar on the left).

Actual behavior

See "Describe the bug" ☝🏻

How to Reproduce?

  1. Create a user that has no access to the master realm. For example with a group like this:

```yaml
groups:
  - name: user-manager
    clientRoles:
      test-realm:
        - view-users
        - query-users
        - manage-users
        - query-groups
```

  1. Log in with that user on <url>/admin/master/console/
  2. You are greeted with
    [image]
  3. Selecting "test" in the realm drop-down only updates the navigation bar on the left, not the content itself.
  4. Clicking "Press here to refresh and continue" redirects back to <url>/admin/master/console/ which results in 3.

Anything else?

When directly calling the UI for a valid realm (/admin/master/console/#/test), then it works as expected. So as a workaround the users need to bookmark the "correct" URL, instead of the base URL.
