[keycloak-user] I disabled "master" realm...now I'm stuck
Pieter Lukasse
pieter at thehyve.nl
Mon Sep 11 07:55:10 EDT 2017
Thanks Thomas! Much appreciated.
www.thehyve.nl
E pieter at thehyve.nl
T +31(0)30 700 9713
M +31(0)6 28 18 9540
Skype pieter.lukasse
We empower scientists by building on open source software
2017-09-11 10:30 GMT+02:00 Thomas Darimont <thomas.darimont at googlemail.com>:
> Hello Pieter,
>
> Note that is (AFAIK) not recommended to use the h2 databse in production.
> I'd recommend to use a dedicated prostgresql database for storing keycloak
> configuration.
>
> However, here is what you can do to change the realm configuration
> stored in a h2 database:
>
> cd into your KEYCLOAK_HOME (e.g. /home/tom/dev/playground/
> keycloak/keycloak-3.3.0.CR1)
>
> Find the location of your h2 database files by looking
> into the configuration files, via:
> grep 'connection-url.*keycloak' standalone/configuration/*.xml
>
> You might see:
> jdbc:h2:${jboss.server.data.dir}/keycloak;
>
> This means that the h2 database is in a file in
> $KEYCLOAK_HOME/standalone/data, e.g. standalone/data/keycloak.mv.db
>
> Open a h2 database console:
> java -jar modules/system/layers/base/com/h2database/h2/main/h2-*.jar
> Browse to: http://127.0.1.1:8082
>
> Use this as the jdbc URL:
> JDBC Url: jdbc:h2:/home/tom/dev/playground/keycloak/keycloak-
> 3.3.0.CR1/standalone/data/keycloak
> User: sa
> Password: sa
>
> Click "connect".
>
> You should be able to update the realm table as described before.
> Note that you might need to stop keycloak before you can update the
> database.
>
> Cheers,
> Thomas
>
> 2017-09-11 10:09 GMT+02:00 Pieter Lukasse <pieter at thehyve.nl>:
>
>> Thanks Thomas. I'm afraid I'm a bit too new to keycloak, so I have some
>> extra questions: which table should I look for? How can I connect to the DB
>> (default H2 in my case)? Maybe some documentation I can start with? The
>> current documentation is quite hard to search through...google will only
>> direct to old pages (before it moved) and the documentation site does not
>> have a good search option...
>>
>> Thanks,
>>
>> Pieter
>>
>> PS: I had logged a ticket for this but it god closed...not sure why:
>> https://issues.jboss.org/browse/KEYCLOAK-5436. I would argue that
>> allowing one to disable master ream in admin pages is a bug since it can
>> only be undone by changing things directly in DB.
>>
>> www.thehyve.nl
>> E pieter at thehyve.nl
>> T +31(0)30 700 9713
>> M +31(0)6 28 18 9540
>> Skype pieter.lukasse
>>
>>
>> We empower scientists by building on open source software
>>
>> 2017-09-11 10:00 GMT+02:00 Thomas Darimont <thomas.darimont at googlemail.co
>> m>:
>>
>>> Hello,
>>>
>>> if you have access to your database, you can enable the realm
>>> by setting the "enabled" value in the "realm" table to "true".
>>>
>>> Cheers,
>>> Thomas
>>>
>>> 2017-09-11 9:42 GMT+02:00 Pieter Lukasse <pieter at thehyve.nl>:
>>>
>>>> I disabled "master" realm...now I'm stuck. I can't find any
>>>> documentation
>>>> that helps me out of this.
>>>>
>>>> I already tried to enable it again, but because it is disabled it won't
>>>> allow me to enable it again(!?):
>>>>
>>>> running:
>>>>
>>>> ./kcadm.sh update realms/master -s enabled=true --user admin
>>>> --password=admin --realm master
>>>>
>>>> results in:
>>>>
>>>> Logging into http://localhost:8080/auth as user admin of realm master
>>>> Realm not enabled [access_denied]
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> www.thehyve.nl
>>>> E pieter at thehyve.nl
>>>> T +31(0)30 700 9713
>>>> M +31(0)6 28 18 9540
>>>> Skype pieter.lukasse
>>>>
>>>>
>>>> We empower scientists by building on open source software
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>>
>
More information about the keycloak-user
mailing list