用keycloak做oidc认证server, 在认证成功后;不存在于kubesphere中的用户会创建,点击"确认"时报错,如下:
{
code: 403,
kind: 'Status',
apiVersion: 'v1',
metadata: {},
status: 'Failure',
message: 'users.iam.kubesphere.io is forbidden: User "system:pre-registration" cannot create resource "users" in API group "iam.kubesphere.io" at the cluster scope',
reason: 'Forbidden',
details: { group: 'iam.kubesphere.io', kind: 'users' },
statusText: 'Forbidden'
}
请问需要怎么操作