<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 6 September 2016 at 10:06, Thomas Darimont <span dir="ltr"><<a href="mailto:thomas.darimont@googlemail.com" target="_blank">thomas.darimont@googlemail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello group,<div><br></div><div>keycloak ships with the add-user-keycloak.sh script to create an initial realm admin user</div><div>with the provided username / password combination.</div><div><br></div><div>We're currently running this script every time when our keycloak docker container</div><div>starts which triggers a Unique Constraint Violation if the admin user has already been created </div><div>- which is what I would expect.</div><div><br></div><div>07:52:39,103 ERROR [org.keycloak.services] (ServerService Thread Pool -- 56) KC-SERVICES0010: Failed to add user 'admin' to realm 'master': user with username exists<br></div><div><br></div><div>-> Perhaphs an option like "create if not exists" would be nice.</div></div></blockquote><div><br></div><div>You can obviously just ignore that error message, but adding an option to suppress doesn't hurt</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Since we need to periodically change the password of that admin user I wonder how this should be</div><div>done. Since the add-user-keycloak.sh doesn't seem to provide a way to change a password the only way seems to be changing the admin password in the realm admin-console. </div></div></blockquote><div><br></div><div>It wasn't intended as a tool to reset the password. It's purely a tool to add an initial admin user.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><br></div><div>However it is easy to get locked out of Keycloak if one changes the password via the realm admin-console e.g. due to a typo...</div></div></blockquote><div><br></div><div>Add a new user. You could also do other mistakes like removing roles from the admin user. That's why adding a new user is a recovery option that always works.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><br></div><div>Cheers,</div><div>Thomas</div></div>
<br>______________________________<wbr>_________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-dev</a><br></blockquote></div><br></div></div>