[keycloak-user] I disabled "master" realm...now I'm stuck
Thomas Darimont
thomas.darimont at googlemail.com
Mon Sep 11 04:30:46 EDT 2017
Hello Pieter,
Note that is (AFAIK) not recommended to use the h2 databse in production.
I'd recommend to use a dedicated prostgresql database for storing keycloak
configuration.
However, here is what you can do to change the realm configuration
stored in a h2 database:
cd into your KEYCLOAK_HOME (e.g.
/home/tom/dev/playground/keycloak/keycloak-3.3.0.CR1)
Find the location of your h2 database files by looking
into the configuration files, via:
grep 'connection-url.*keycloak' standalone/configuration/*.xml
You might see:
jdbc:h2:${jboss.server.data.dir}/keycloak;
This means that the h2 database is in a file in
$KEYCLOAK_HOME/standalone/data, e.g. standalone/data/keycloak.mv.db
Open a h2 database console:
java -jar modules/system/layers/base/com/h2database/h2/main/h2-*.jar
Browse to: http://127.0.1.1:8082
Use this as the jdbc URL:
JDBC Url:
jdbc:h2:/home/tom/dev/playground/keycloak/keycloak-3.3.0.CR1/standalone/data/keycloak
User: sa
Password: sa
Click "connect".
You should be able to update the realm table as described before.
Note that you might need to stop keycloak before you can update the
database.
Cheers,
Thomas
2017-09-11 10:09 GMT+02:00 Pieter Lukasse <pieter at thehyve.nl>:
> Thanks Thomas. I'm afraid I'm a bit too new to keycloak, so I have some
> extra questions: which table should I look for? How can I connect to the DB
> (default H2 in my case)? Maybe some documentation I can start with? The
> current documentation is quite hard to search through...google will only
> direct to old pages (before it moved) and the documentation site does not
> have a good search option...
>
> Thanks,
>
> Pieter
>
> PS: I had logged a ticket for this but it god closed...not sure why:
> https://issues.jboss.org/browse/KEYCLOAK-5436. I would argue that
> allowing one to disable master ream in admin pages is a bug since it can
> only be undone by changing things directly in DB.
>
> www.thehyve.nl
> E pieter at thehyve.nl
> T +31(0)30 700 9713
> M +31(0)6 28 18 9540
> Skype pieter.lukasse
>
>
> We empower scientists by building on open source software
>
> 2017-09-11 10:00 GMT+02:00 Thomas Darimont <thomas.darimont at googlemail.com
> >:
>
>> Hello,
>>
>> if you have access to your database, you can enable the realm
>> by setting the "enabled" value in the "realm" table to "true".
>>
>> Cheers,
>> Thomas
>>
>> 2017-09-11 9:42 GMT+02:00 Pieter Lukasse <pieter at thehyve.nl>:
>>
>>> I disabled "master" realm...now I'm stuck. I can't find any documentation
>>> that helps me out of this.
>>>
>>> I already tried to enable it again, but because it is disabled it won't
>>> allow me to enable it again(!?):
>>>
>>> running:
>>>
>>> ./kcadm.sh update realms/master -s enabled=true --user admin
>>> --password=admin --realm master
>>>
>>> results in:
>>>
>>> Logging into http://localhost:8080/auth as user admin of realm master
>>> Realm not enabled [access_denied]
>>>
>>>
>>>
>>>
>>>
>>>
>>> www.thehyve.nl
>>> E pieter at thehyve.nl
>>> T +31(0)30 700 9713
>>> M +31(0)6 28 18 9540
>>> Skype pieter.lukasse
>>>
>>>
>>> We empower scientists by building on open source software
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>
More information about the keycloak-user
mailing list