[keycloak-user] How to add Admin User

Stian Thorgersen sthorger at redhat.com
Wed Apr 27 10:12:04 EDT 2016


It would seem so

On 27 April 2016 at 09:57, Andrej Prievalsky <ado.boj.83 at gmail.com> wrote:

> Hi all,
>
> I would like to ask again, only for confirmation.
> My setup is the Keycloak overlay in domain mode.
> The question is how I can create a Keycloak admin user in this setup.
>
> With only the domain option it doesn't work:
>
> [sab at idm72 wildfly]$ ./bin/add-user-keycloak.sh -r master -u admin -p admin --domain
>
> Added 'admin' to '/opt/wildfly/domain/configuration/keycloak-add-user.json', restart server to load user
>
>
> But with the next option I got this, and it works:
>
> [sab at idm72 wildfly]$ ./bin/add-user-keycloak.sh -r master -u admin -p admin --domain --dc /opt/wildfly/domain/servers/idm-server-idm72/configuration/
>
> Added 'admin' to '/opt/wildfly/domain/servers/idm-server-idm72/configuration/keycloak-add-user.json', restart server to load user
>
>
> Are both options needed for domain mode?
>
>
> Best Regards,
>
> Andrej.
>
>
> On Tue, Apr 19, 2016 at 3:43 PM, Andrej Prievalsky <ado.boj.83 at gmail.com>
> wrote:
>
>> With only the domain option I got this, and it doesn't work:
>>
>> [sab at idm72 wildfly]$ ./bin/add-user-keycloak.sh -r master -u admin -p admin --domain
>>
>> Added 'admin' to '/opt/wildfly/domain/configuration/keycloak-add-user.json', restart server to load user
>>
>>
>> But with the next option I got this, and it works:
>>
>> [sab at idm72 wildfly]$ ./bin/add-user-keycloak.sh -r master -u admin -p admin --domain --dc /opt/wildfly/domain/servers/idm-server-idm72/configuration/
>>
>> Added 'admin' to '/opt/wildfly/domain/servers/idm-server-idm72/configuration/keycloak-add-user.json', restart server to load user
>>
>>
>> Are both options needed for domain?
>>
>> On Tue, Apr 19, 2016 at 1:15 PM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>> There's a domain option:
>>> bin/add-user-keycloak.[sh|bat] -r master -u <username> -p <password> --domain
>>>
>>> On 19 April 2016 at 13:09, Andrej Prievalsky <ado.boj.83 at gmail.com>
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> @Marek: I am using H2 database. I can't delete /opt/wildfly/standalone/data,
>>>> because this folder is not present.
>>>>
>>>> But for our domain mode we have to move the created
>>>> /opt/wildfly/standalone/configuration/keycloak-add-user.json to
>>>> /opt/wildfly/domain/servers/{server-name}/configuration,
>>>> and after that we could log in to the Keycloak admin console.
>>>>
>>>> So, in summary, to create an admin user in domain mode we have to:
>>>> 1.) bin/add-user-keycloak.[sh|bat] -r master -u <username> -p <password>
>>>> 2.) copy /opt/wildfly/standalone/configuration/keycloak-add-user.json
>>>> to /opt/wildfly/domain/servers/{server-name}/configuration
>>>> 3.) restart server
>>>>
>>>> Are these steps correct and expected from your side?
>>>>
>>>>
>>>>
>>>> On Tue, Apr 19, 2016 at 8:40 AM, Andrej Prievalsky <
>>>> ado.boj.83 at gmail.com> wrote:
>>>>
>>>>> Thanks Marek, I will try your hint.
>>>>> @Stian: I am trying to log in to the Keycloak admin console.
>>>>>
>>>>> On Mon, Apr 18, 2016 at 1:59 PM, Stian Thorgersen <sthorger at redhat.com
>>>>> > wrote:
>>>>>
>>>>>> Just to confirm are you trying to login to Keycloak admin console or
>>>>>> WildFly console?
>>>>>>
>>>>>> On 18 April 2016 at 10:04, Andrej Prievalsky <ado.boj.83 at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> OK, but when we created the user with add-user-keycloak.sh:
>>>>>>>
>>>>>>> [sab at idm69 wildfly]$ ./bin/add-user-keycloak.sh -r master -u admin -p admin
>>>>>>> Added 'admin' to '/opt/wildfly/standalone/configuration/keycloak-add-user.json', restart server to load user
>>>>>>>
>>>>>>> After restarting the server, we can't log in with user admin and password admin.
>>>>>>> We got the error message: Invalid username or password.
>>>>>>>
>>>>>>>
>>>>>>> Could the problem be on your side, or in our setup and configuration?
>>>>>>>
>>>>>>> On Fri, Apr 15, 2016 at 3:25 PM, Stian Thorgersen <
>>>>>>> sthorger at redhat.com> wrote:
>>>>>>>
>>>>>>>> With server overlay use add-user-keycloak and restart the server
>>>>>>>>
>>>>>>>> On 15 April 2016 at 14:43, Andrej Prievalsky <ado.boj.83 at gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi All,
>>>>>>>>>
>>>>>>>>> in a setup of Wildfly-10 in domain mode + keycloak-overlay-1.9.2.Final
>>>>>>>>> I tried to create the Admin User in two ways, as in the guide:
>>>>>>>>>
>>>>>>>>> 1.) via bin/add-user.[sh|bat] -r master -u <username> -p <password>
>>>>>>>>> I got this ERROR:
>>>>>>>>>
>>>>>>>>> [sab at idm69 wildfly]$ ./bin/add-user.sh -r master -u admin -p tmo46713
>>>>>>>>>
>>>>>>>>> * Error *
>>>>>>>>>
>>>>>>>>> WFLYDM0065: The user supplied realm name 'master' does not match the realm name discovered from the property file(s) 'ManagementRealm'.
>>>>>>>>>
>>>>>>>>> Exception in thread "main" org.jboss.as.domain.management.security.adduser.AddUserFailedException: WFLYDM0065: The user supplied realm name 'master' does not match the realm name discovered from the property file(s) 'ManagementRealm'.
>>>>>>>>>         at org.jboss.as.domain.management.security.adduser.ErrorState.execute(ErrorState.java:72)
>>>>>>>>>         at org.jboss.as.domain.management.security.adduser.AddUser.run(AddUser.java:130)
>>>>>>>>>         at org.jboss.as.domain.management.security.adduser.AddUser.main(AddUser.java:223)
>>>>>>>>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>>>>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>>>>>>>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>>>>>         at java.lang.reflect.Method.invoke(Method.java:497)
>>>>>>>>>         at org.jboss.modules.Module.run(Module.java:329)
>>>>>>>>>         at org.jboss.modules.Main.main(Main.java:507)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2.) via bin/add-user-keycloak.[sh|bat] -r master -u <username> -p <password>
>>>>>>>>>
>>>>>>>>> The user was created under the standalone path.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks and Best Regards
>>>>>>>>>
>>>>>>>>> Andrej.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Mar 3, 2016 at 7:18 PM, Stian Thorgersen <
>>>>>>>>> sthorger at redhat.com> wrote:
>>>>>>>>>
>>>>>>>>>> Please read the documentation it explains it all
>>>>>>>>>> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e116
>>>>>>>>>>
>>>>>>>>>> On 3 March 2016 at 16:24, Andrej Prievalsky <ado.boj.83 at gmail.com
>>>>>>>>>> > wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi all,
>>>>>>>>>>>
>>>>>>>>>>> 1.) In the meantime I tried to create an Admin user on
>>>>>>>>>>> keycloak-overlay-1.7.0.Final via the add-user-keycloak.sh script in
>>>>>>>>>>> wildfly domain mode, and I got:
>>>>>>>>>>>
>>>>>>>>>>> [root at keycloakoverlay /opt/wildfly/bin]$ ./add-user-keycloak.sh -u admin -p admin
>>>>>>>>>>> Added 'admin' to '/opt/wildfly/standalone/configuration/keycloak-add-user.json', restart server to load user
>>>>>>>>>>>
>>>>>>>>>>> Is it correct that the user is created in the standalone path?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> ----------------------------------------------------------------------------
>>>>>>>>>>>
>>>>>>>>>>> 2.) In version 1.7.0.Final, can I create or replace the Admin user
>>>>>>>>>>> for the Master realm with a permanent password, so that it could be
>>>>>>>>>>> created automatically via the command line without needing to change
>>>>>>>>>>> the password manually after first login?
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Andrej.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Mar 3, 2016 at 1:50 PM, Stian Thorgersen <
>>>>>>>>>>> sthorger at redhat.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On 3 March 2016 at 13:48, Stan Silvert <ssilvert at redhat.com>
>>>>>>>>>>>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> On 3/3/2016 12:09 AM, Stian Thorgersen wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> The standard add-user script adds WildFly users, we want the
>>>>>>>>>>>>> standard script to add Keycloak users. It's a Keycloak server after all.
>>>>>>>>>>>>>
>>>>>>>>>>>>> You still need WildFly users if you want to use CLI (remotely)
>>>>>>>>>>>>> or web console.   As far as I know, we can't secure those things with
>>>>>>>>>>>>> Keycloak yet.
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> In the future we will secure it with Keycloak, in the mean time
>>>>>>>>>>>> the add-user has a '--container' option.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> There are workarounds, but I'm just saying, WildFly
>>>>>>>>>>>>> add-user.sh is a useful tool that we might want to still ship in some form
>>>>>>>>>>>>> until such time that CLI and web console is fully integrated with Keycloak.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 2 March 2016 at 20:00, Stan Silvert <ssilvert at redhat.com>
>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 3/2/2016 1:50 PM, Stian Thorgersen wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Not a chance. In server dist we want to hide WildFly's
>>>>>>>>>>>>>> add-user script.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I could guess, but I have to ask, why?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 2 March 2016 at 14:12, Stan Silvert <ssilvert at redhat.com>
>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On 3/2/2016 7:02 AM, Stian Thorgersen wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> In overlay the script should be add-user-keycloak. The
>>>>>>>>>>>>>>> overlay adds Keycloak server to an existing WildFly installation so we
>>>>>>>>>>>>>>> don't want to overwrite any existing files. I appreciate this may be
>>>>>>>>>>>>>>> confusing and inconsistent, but at the same time if we did overwrite people
>>>>>>>>>>>>>>> would probably complain about us overwriting the existing script.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> In the server dist this doesn't apply as the server is
>>>>>>>>>>>>>>> purely a Keycloak server, not a WildFly server.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I guess the solution would be to make server dist consistent
>>>>>>>>>>>>>>> with overlay, so both are add-user-keycloak.  Not sure how I feel about
>>>>>>>>>>>>>>> that.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On 2 March 2016 at 11:10, Bruno Oliveira <
>>>>>>>>>>>>>>> bruno at abstractj.org> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I'm not sure if I follow your question but './add-user.sh
>>>>>>>>>>>>>>>> -u admin -p admin' or './add-user.sh -u admin' should work.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Wed, Mar 2, 2016 at 7:03 AM Andrej Prievalsky <
>>>>>>>>>>>>>>>> ado.boj.83 at gmail.com> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi Bruno,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> thanks for answer.
>>>>>>>>>>>>>>>>> But from
>>>>>>>>>>>>>>>>> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e116
>>>>>>>>>>>>>>>>> and the section: *...you can use the add-user script from the
>>>>>>>>>>>>>>>>> command-line.*
>>>>>>>>>>>>>>>>> my question is what exactly the command with the add-user
>>>>>>>>>>>>>>>>> script should look like.
>>>>>>>>>>>>>>>>> Because in the past we used this command: add-user.sh
>>>>>>>>>>>>>>>>> --container -u admin -p admin
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Andrej.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Wed, Mar 2, 2016 at 10:38 AM, Bruno Oliveira <
>>>>>>>>>>>>>>>>> bruno at abstractj.org> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi Andrej, answers inline
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Wed, Mar 2, 2016 at 6:13 AM Andrej Prievalsky <
>>>>>>>>>>>>>>>>>> ado.boj.83 at gmail.com> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> I would like to summarize the information about How to add
>>>>>>>>>>>>>>>>>>> Admin User - chapter 3.2.1.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> My questions are:
>>>>>>>>>>>>>>>>>>> 1.) From which version (inclusive) is the new concept, that
>>>>>>>>>>>>>>>>>>> there is no built-in user?
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> 1.8.0 See:
>>>>>>>>>>>>>>>>>> http://keycloak.github.io/docs/userguide/keycloak-server/html/Migration_from_older_versions.html#d4e4031
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 2a.) What is the exact command via the add-user script
>>>>>>>>>>>>>>>>>>> (add-user.sh) to create an admin user?
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> See:
>>>>>>>>>>>>>>>>>> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e116
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 2b.) Same question as in 2a, but in keycloak-overlay (
>>>>>>>>>>>>>>>>>>> add-user-keycloak.sh)?
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> You are correct. Maybe this is an inconsistency to be
>>>>>>>>>>>>>>>>>> fixed.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Thanks and Best Regards,
>>>>>>>>>>>>>>>>>>> Andrej.
>>>>>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
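
The thread's finding is that in domain mode the file written by add-user-keycloak has to end up in a server's own configuration directory. The script below is an added example, not part of the original messages or of the Keycloak project, that reports where such files sit under a WildFly home; the function names and labels are hypothetical, and the directory layout is the one in the paths quoted above.

```shell
#!/bin/sh
# Added example: locate keycloak-add-user.json files under a WildFly home and
# label each by location. Labels and function names are hypothetical; the
# layout follows the paths quoted in the thread.

# Print "<label> <relative path>" for every keycloak-add-user.json below $1.
classify_add_user_files() {
    home=${1%/}
    find "$home" -type f -name keycloak-add-user.json | LC_ALL=C sort |
    while IFS= read -r f; do
        rel=${f#"$home"/}
        case "$rel" in
            domain/servers/*/configuration/keycloak-add-user.json)
                echo "per-server $rel" ;;     # location that worked in the thread
            domain/configuration/keycloak-add-user.json)
                echo "domain-shared $rel" ;;  # result of --domain alone; login failed
            standalone/configuration/keycloak-add-user.json)
                echo "standalone $rel" ;;     # default target of the script
            *)
                echo "unknown $rel" ;;
        esac
    done
}

# Print the name of each domain server directory that has no file of its own.
servers_without_file() {
    home=${1%/}
    for d in "$home"/domain/servers/*/; do
        [ -d "$d" ] || continue
        [ -f "${d}configuration/keycloak-add-user.json" ] || basename "$d"
    done
}

# Stand-alone use: sh check-add-user.sh /opt/wildfly
if [ "$#" -gt 0 ]; then
    classify_add_user_files "$1"
    servers_without_file "$1" | sed 's/^/no-file /'
fi
```

A `standalone` or `domain-shared` entry alongside a server listed as `no-file` matches the failed-login cases reported in the thread.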