From 41e253c054d7db1682a0865603bdf20d0893ba6f Mon Sep 17 00:00:00 2001
From: Sazzad Hossain <hossainsazzad95@yahoo.com>
Date: Tue, 30 May 2023 19:42:48 +0600
Subject: [PATCH] Check whether CREATE_REALM role exists in realm role mappings
 before hasRole check for user. Closes #20332

---
 .../org/keycloak/services/resources/admin/AdminConsole.java  | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java
index e4d68ae673..1edf6e9448 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java
@@ -227,7 +227,10 @@ public class AdminConsole {
         boolean createRealm = false;
         if (realm.equals(masterRealm)) {
             logger.debug("setting up realm access for a master realm user");
-            createRealm = user.hasRole(masterRealm.getRole(AdminRoles.CREATE_REALM));
+            RoleModel createRealmRole = masterRealm.getRole(AdminRoles.CREATE_REALM);
+            if (createRealmRole != null) {
+                createRealm = user.hasRole(createRealmRole);
+            }
             addMasterRealmAccess(user, realmAccess);
         } else {
             logger.debug("setting up realm access for a realm user");