[keycloak-user] How to add Admin User
Andrej Prievalsky
ado.boj.83 at gmail.com
Fri Apr 15 08:43:09 EDT 2016
Hi All,
in setup Wildfly-10 in domain mode + keycloak-overlay-1.9.2.Final I tried
to create Admin User in two ways like in guide:
1.) via bin/add-user.[sh|bat] -r master -u <username> -p <password>
I got this ERROR:
*[sab at idm69 wildfly]$ ./bin/add-user.sh -r master -u admin -p tmo46713*
** Error **
*WFLYDM0065: The user supplied realm name 'master' does not match the realm
name discovered from the property file(s) 'ManagementRealm'.*
*Exception in thread "main"
org.jboss.as.domain.management.security.adduser.AddUserFailedException:
WFLYDM0065: The user supplied realm name 'master' does not match the realm
name discovered from the property file(s) 'ManagementRealm'.*
* at
org.jboss.as.domain.management.security.adduser.ErrorState.execute(ErrorState.java:72)*
* at
org.jboss.as.domain.management.security.adduser.AddUser.run(AddUser.java:130)*
* at
org.jboss.as.domain.management.security.adduser.AddUser.main(AddUser.java:223)*
* at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)*
* at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)*
* at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)*
* at java.lang.reflect.Method.invoke(Method.java:497)*
* at org.jboss.modules.Module.run(Module.java:329)*
* at org.jboss.modules.Main.main(Main.java:507)*
2.) via bin/add-user-keycloak.[sh|bat] -r master -u <username> -p <password>
User was created under standalone path.
Thanks and Best Regards
Andrej.
On Thu, Mar 3, 2016 at 7:18 PM, Stian Thorgersen <sthorger at redhat.com>
wrote:
> Please read the documentation it explains it all
> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e116
>
> On 3 March 2016 at 16:24, Andrej Prievalsky <ado.boj.83 at gmail.com> wrote:
>
>> Hi all,
>>
>> 1.) meantime I tried on keycloak-overlay-1.7.0.Final via
>> add-user-keycloak.sh script in wildfly domain mode create Admin user and I
>> got:
>>
>> [root at keycloakoverlay /opt/wildfly/bin]$ ./add-user-keycloak.sh -u admin
>> -p admin
>> Added 'admin' to '
>> */opt/wildfly/standalone/configuration/keycloak-add-user.json*', restart
>> server to load user
>>
>> Is it correct, that user is created in standalone path?
>>
>>
>> ----------------------------------------------------------------------------
>>
>> 2.) can I in version 1.7.0.Final create or replace Admin user for Master
>> realm with permanent password, which could be created automatically via
>> command line and not needed change password manually after first login?
>>
>> Thanks,
>> Andrej.
>>
>>
>> On Thu, Mar 3, 2016 at 1:50 PM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>>
>>>
>>> On 3 March 2016 at 13:48, Stan Silvert <ssilvert at redhat.com> wrote:
>>>
>>>> On 3/3/2016 12:09 AM, Stian Thorgersen wrote:
>>>>
>>>> The standard add-user script adds WildFly users, we want the standard
>>>> script to add Keycloak users. It's a Keycloak server after all.
>>>>
>>>> You still need WildFly users if you want to use CLI (remotely) or web
>>>> console. As far as I know, we can't secure those things with Keycloak yet.
>>>>
>>>
>>> In the future we will secure it with Keycloak, in the mean time the
>>> add-user has a '--container' option.
>>>
>>>
>>>>
>>>> There are workarounds, but I'm just saying, WildFly add-user.sh is a
>>>> useful tool that we might want to still ship in some form until such time
>>>> that CLI and web console is fully integrated with Keycloak.
>>>>
>>>>
>>>> On 2 March 2016 at 20:00, Stan Silvert <ssilvert at redhat.com> wrote:
>>>>
>>>>> On 3/2/2016 1:50 PM, Stian Thorgersen wrote:
>>>>>
>>>>> Not a chance. In server dist we want to hide WildFly's add-user script.
>>>>>
>>>>> I could guess, but I have to ask, why?
>>>>>
>>>>>
>>>>>
>>>>> On 2 March 2016 at 14:12, Stan Silvert <ssilvert at redhat.com> wrote:
>>>>>
>>>>>> On 3/2/2016 7:02 AM, Stian Thorgersen wrote:
>>>>>>
>>>>>> In overlay the script should be add-user-keycloak. The overlay adds
>>>>>> Keycloak server to an existing WildFly installation so we don't want to
>>>>>> overwrite any existing files. I appreciate this may be confusing and
>>>>>> inconsistent, but at the same time if we did overwrite people would
>>>>>> probably complain about us overwriting the existing script.
>>>>>>
>>>>>> In the server dist this doesn't apply as the server is purely a
>>>>>> Keycloak server, not a WildFly server.
>>>>>>
>>>>>> I guess the solution would be to make server dist consistent with
>>>>>> overlay, so both are add-user-keycloak. Not sure how I feel about that.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 2 March 2016 at 11:10, Bruno Oliveira <bruno at abstractj.org> wrote:
>>>>>>
>>>>>>> I'm not sure if I follow your question but './add-user.sh -u admin
>>>>>>> -p admin' or './add-user.sh -u admin' should work.
>>>>>>>
>>>>>>> On Wed, Mar 2, 2016 at 7:03 AM Andrej Prievalsky <
>>>>>>> ado.boj.83 at gmail.com> wrote:
>>>>>>>
>>>>>>>> Hi Bruno,
>>>>>>>>
>>>>>>>> thanks for answer.
>>>>>>>> But from
>>>>>>>> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e116
>>>>>>>> and section: *...you can use the add-user script from the
>>>>>>>> command-line.*
>>>>>>>> is my question is how exactly should looks like command with
>>>>>>>> add-user script?
>>>>>>>> Because in past we used this command: add-user.sh –container -u
>>>>>>>> admin -p admin
>>>>>>>>
>>>>>>>> Andrej.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Mar 2, 2016 at 10:38 AM, Bruno Oliveira <
>>>>>>>> bruno at abstractj.org> wrote:
>>>>>>>>
>>>>>>>>> Hi Andrej, answers inline
>>>>>>>>>
>>>>>>>>> On Wed, Mar 2, 2016 at 6:13 AM Andrej Prievalsky <
>>>>>>>>> ado.boj.83 at gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> I would like to summary information about How to add Admin User -
>>>>>>>>>> chapter 3.2.1.
>>>>>>>>>>
>>>>>>>>>> My questions are:
>>>>>>>>>> 1.) From which version (including) is new concept, that there is
>>>>>>>>>> no built in user?
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 1.8.0 See:
>>>>>>>>> http://keycloak.github.io/docs/userguide/keycloak-server/html/Migration_from_older_versions.html#d4e4031
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> 2a.) What is exact command via add-user script (add-user.sh) for
>>>>>>>>>> create admin user ?
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> See:
>>>>>>>>> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e116
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> 2b.) Same question like in 2a, but in keycloak-overlay (
>>>>>>>>>> add-user-keycloak.sh)?
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> You are correct. Maybe this is an inconsistency to be fixed.
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Thanks and Best Regards,
>>>>>>>>>> Andrej.
>>>>>>>>>> _______________________________________________
>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user at lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160415/6a3aeb3c/attachment-0001.html
More information about the keycloak-user
mailing list