[release-1.9-post-cqa] [RHDHBUGS-516]: Add required Keycloak client roles to RHBK auth setup (#2050)

openshift-cherrypick-robot · themr0c · claude · web-flow · commit 63d5a180801c · 2026-04-15T14:27:44.000+02:00
Co-authored-by: Fabrice Flore-Thébault &lt;ffloreth@redhat.com&gt;
Co-authored-by: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/modules/shared/snip-enabling-user-authentication-with-rhbk-common-first-steps.adoc b/modules/shared/snip-enabling-user-authentication-with-rhbk-common-first-steps.adoc
@@ -8,8 +8,15 @@ Save the value for the next step:
 
 .. To register your {product-short} in {rhbk}, in the created realm, {rhbk-docs-link}/html-single/getting_started_guide/index#getting-started-zip-secure-the-first-application[secure the first application], with:
 ... **Client ID**: A distinctive client ID, such as __<{product-very-short}>__.
+... **Client authentication**: Set to *On* (confidential access type).
+... **Service accounts roles**: Enable *Service accounts roles*.
 ... **Valid redirect URIs**: Set to the OIDC handler URL: `pass:c,a,q[{my-product-url}/api/auth/oidc/handler/frame]`.
 ... Go to the **Credentials** tab and copy the **Client secret**.
+... Go to the **Service accounts roles** tab and click *Assign role*.
+Filter by client `realm-management` and assign the following roles:
+* `query-groups`
+* `query-users`
+* `view-users`
 ... Save the values for the next step:
 * **Client ID**
 * **Client Secret**
