diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
index 5e6fc1e80f128c537393ef3ef7b1f20191e59e4d..9afebd9d65512ad22a625f6e204dee47b871969a 100644
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -18,10 +18,22 @@
   notify:
     - restart keycloak
 
+- name: request a bearer token
+  uri:
+    url: http://127.0.0.1:8080/auth/realms/master/protocol/openid-connect/token
+    method: POST
+    body_format: form-urlencoded
+    body:
+      username: "{{ vault_keycloak_admin_user }}"
+      password: "{{ vault_keycloak_admin_password }}"
+      grant_type: password
+      client_id: admin-cli
+  ignore_errors: True
+  register: token
+
 - name: create an admin user
   command: /opt/keycloak/bin/add-user-keycloak.sh -r master -u "{{ vault_keycloak_admin_user }}" -p "{{ vault_keycloak_admin_password }}"
-  args:
-    creates: /opt/keycloak/standalone/configuration/keycloak-add-user.json
+  when: token.status == 401
 
 - name: start and enable keycloak
   service: name=keycloak enabled=yes state=started
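Review bot: The added `request a bearer token` task sends the admin password in its `body` and registers the token response, but it has no `no_log: true`, so the password and the returned access token can show up in verbose Ansible output or callback logs; add `no_log: true` to that task. `ignore_errors: True` also hides every failure, not only the expected 401. If Keycloak is not listening yet (as far as this hunk shows, the service is started only after these tasks), the request fails without a 401 and `when: token.status == 401` silently skips admin creation, whereas the removed `creates:` guard did not depend on a running server. Consider replacing `ignore_errors` with `status_code: [200, 401]` so that only those two outcomes are accepted and anything else fails the play. A 401 is presumably also returned when the admin exists with a different password, so the condition is not a pure "user missing" test and the password-bearing `-p` command line may run more often than intended.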