<div dir="ltr">Hi All,<div><br></div><div>in setup Wildfly-10 in domain mode + keycloak-overlay-1.9.2.Final I tried to create Admin User in two ways like in guide:</div><div><br></div><div>1.) via <span style="color:rgb(51,51,51);font-family:courrier,monospace;font-size:0.9em;line-height:18px;text-align:justify;background-color:rgb(245,245,245)">bin/add-user.[sh|bat] -r master -u <username> -p <password></span></div><div>I got this ERROR:</div><div><br></div><div><p class="MsoNormal"><i>[sab@idm69 wildfly]$ ./bin/add-user.sh -r master -u admin -p
tmo46713</i></p>
<p class="MsoNormal"><i> </i></p>
<p class="MsoNormal"><i>* Error *</i></p>
<p class="MsoNormal"><i>WFLYDM0065: The user supplied realm name 'master' does not
match the realm name discovered from the property file(s) 'ManagementRealm'.</i></p>
<p class="MsoNormal"><i> </i></p>
<p class="MsoNormal"><i>Exception in thread "main"
org.jboss.as.domain.management.security.adduser.AddUserFailedException:
WFLYDM0065: The user supplied realm name 'master' does not match the realm name
discovered from the property file(s) 'ManagementRealm'.</i></p>
<p class="MsoNormal"><i> at org.jboss.as.domain.management.security.adduser.ErrorState.execute(ErrorState.java:72)</i></p>
<p class="MsoNormal"><i> at
org.jboss.as.domain.management.security.adduser.AddUser.run(AddUser.java:130)</i></p>
<p class="MsoNormal"><i> at
org.jboss.as.domain.management.security.adduser.AddUser.main(AddUser.java:223)</i></p>
<p class="MsoNormal"><i> at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)</i></p>
<p class="MsoNormal"><i> at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)</i></p>
<p class="MsoNormal"><i> at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</i></p>
<p class="MsoNormal"><i> at
java.lang.reflect.Method.invoke(Method.java:497)</i></p>
<p class="MsoNormal"><i> at
org.jboss.modules.Module.run(Module.java:329)</i></p>
<p class="MsoNormal"><i> at
org.jboss.modules.Main.main(Main.java:507)</i><span lang="DE" style="font-size:7pt;font-family:Arial,sans-serif"></span></p><p class="MsoNormal"><i><br></i></p><p class="MsoNormal">2.) via <span style="color:rgb(51,51,51);font-family:courrier,monospace;font-size:0.9em;line-height:18px;text-align:justify;background-color:rgb(245,245,245)">bin/add-user-keycloak.[sh|bat] -r master -u <username> -p <password></span></p><p class="MsoNormal">User was created under standalone path.</p><p class="MsoNormal"><br></p><p class="MsoNormal">Thanks and Best Regards</p><p class="MsoNormal">Andrej.</p><p class="MsoNormal"><br></p></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 3, 2016 at 7:18 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr">Please read the documentation it explains it all <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e116" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e116</a></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On 3 March 2016 at 16:24, Andrej Prievalsky <span dir="ltr"><<a href="mailto:ado.boj.83@gmail.com" target="_blank">ado.boj.83@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi all,<div><br></div><div>1.) meantime I tried on keycloak-overlay-1.7.0.Final via add-user-keycloak.sh script in wildfly domain mode create Admin user and I got:</div><div><br></div><div><div>[root@keycloakoverlay /opt/wildfly/bin]$ ./add-user-keycloak.sh -u admin -p admin</div><div>Added 'admin' to '<b>/opt/wildfly/standalone/configuration/keycloak-add-user.json</b>', restart server to load user</div></div><div><br></div><div>Is it correct, that user is created in standalone path?</div><div><br></div><div>----------------------------------------------------------------------------</div><div><br></div><div>2.) can I in version 1.7.0.Final create or replace Admin user for Master realm with permanent password, which could be created automatically via command line and not needed change password manually after first login?</div><div><br></div><div>Thanks,</div><div>Andrej.</div><div><br></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 3, 2016 at 1:50 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span>On 3 March 2016 at 13:48, Stan Silvert <span dir="ltr"><<a href="mailto:ssilvert@redhat.com" target="_blank">ssilvert@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span>
<div>On 3/3/2016 12:09 AM, Stian Thorgersen
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">The standard add-user script adds WildFly users, we
want the standard script to add Keycloak users. It's a Keycloak
server after all.</div>
</blockquote></span>
You still need WildFly users if you want to use CLI (remotely) or
web console. As far as I know, we can't secure those things with
Keycloak yet.<br></div></blockquote><div><br></div></span><div>In the future we will secure it with Keycloak, in the mean time the add-user has a '--container' option.</div><div><div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">
<br>
There are workarounds, but I'm just saying, WildFly add-user.sh is a
useful tool that we might want to still ship in some form until such
time that CLI and web console is fully integrated with Keycloak.<div><div><br>
<blockquote type="cite">
<div class="gmail_extra"><br>
<div class="gmail_quote">On 2 March 2016 at 20:00, Stan Silvert
<span dir="ltr"><<a href="mailto:ssilvert@redhat.com" target="_blank">ssilvert@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span>
<div>On 3/2/2016 1:50 PM, Stian Thorgersen wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Not a chance. In server dist we want to
hide WildFly's add-user script.</div>
</blockquote>
</span> I could guess, but I have to ask, why?
<div>
<div><br>
<br>
<blockquote type="cite">
<div class="gmail_extra"><br>
<div class="gmail_quote">On 2 March 2016 at 14:12,
Stan Silvert <span dir="ltr"><<a href="mailto:ssilvert@redhat.com" target="_blank">ssilvert@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span>
<div>On 3/2/2016 7:02 AM, Stian Thorgersen
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">In overlay the script
should be add-user-keycloak. The
overlay adds Keycloak server to an
existing WildFly installation so we
don't want to overwrite any existing
files. I appreciate this may be
confusing and inconsistent, but at the
same time if we did overwrite people
would probably complain about us
overwriting the existing script.
<div><br>
</div>
<div>In the server dist this doesn't
apply as the server is purely a
Keycloak server, not a WildFly
server.</div>
</div>
</blockquote>
</span> I guess the solution would be to
make server dist consistent with overlay, so
both are add-user-keycloak. Not sure how I
feel about that. <br>
<div>
<div> <br>
<br>
<br>
<blockquote type="cite">
<div class="gmail_extra"><br>
<div class="gmail_quote">On 2 March
2016 at 11:10, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div dir="ltr">I'm not sure if I
follow your question but
'./add-user.sh -u admin -p
admin' or './add-user.sh -u
admin' should work. </div>
<div>
<div><br>
<div class="gmail_quote">
<div dir="ltr">On Wed, Mar
2, 2016 at 7:03 AM
Andrej Prievalsky <<a href="mailto:ado.boj.83@gmail.com" target="_blank">ado.boj.83@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Hi
Bruno,
<div><br>
</div>
<div>thanks for
answer.</div>
<div>But from <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e116" style="font-size:12.8px" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e116</a></div>
<div>and section: <b>...<span>you
can use the
add-user script
from the
command-line.</span></b></div>
<div><span>is my
question is how
exactly should
looks like command
with add-user
script?</span><br>
</div>
<div><span>Because in
past we used this
command: </span>add-user.sh
–container -u admin
-p admin</div>
</div>
<div dir="ltr">
<div><span><br>
</span></div>
<div><span>Andrej.</span></div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On
Wed, Mar 2, 2016 at
10:38 AM, Bruno
Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Hi
Andrej, answers
inline<br>
<br>
<div class="gmail_quote"><span>
<div dir="ltr">On
Wed, Mar 2,
2016 at 6:13
AM Andrej
Prievalsky
<<a href="mailto:ado.boj.83@gmail.com" target="_blank">ado.boj.83@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Hi,
<div><br>
</div>
<div>I would
like to
summary
information
about How to
add Admin User
- chapter
3.2.1.</div>
<div><br>
</div>
<div>My
questions are:</div>
<div>1.) From
which version
(including) is
new concept,
that there is
no built in
user?<br>
</div>
</div>
</blockquote>
<div><br>
</div>
</span>
<div>1.8.0
See: <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/Migration_from_older_versions.html#d4e4031" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/Migration_from_older_versions.html#d4e4031</a></div>
<span>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div style="text-align:justify"><font face="Lucida
Grande,
Geneva,
Verdana,
Arial,
sans-serif" color="#333333"><span style="font-size:12px;line-height:18px">2a.) What is exact command via
add-user
script </span></font><span>(add-user.sh)</span><span> for
create admin
user ?</span></div>
</div>
</blockquote>
<div><br>
</div>
</span>
<div>See: <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e116" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e116</a></div>
<span>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div style="text-align:justify"><font face="Lucida
Grande,
Geneva,
Verdana,
Arial,
sans-serif" color="#333333"><span style="font-size:12px;line-height:18px">2b.) Same question like in 2a,
but in
keycloak-overlay
(</span></font><span style="color:rgb(0,0,0)">add-user-keycloak.sh</span><span>)?</span></div>
</div>
</blockquote>
<div><br>
</div>
</span>
<div>You are
correct. Maybe
this is an
inconsistency
to be fixed. </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><span>
<div dir="ltr">
<div style="text-align:justify"><font face="Lucida
Grande,
Geneva,
Verdana,
Arial,
sans-serif" color="#333333"><span style="font-size:12px;line-height:18px"><br>
</span></font></div>
<div style="text-align:justify"><font face="Lucida
Grande,
Geneva,
Verdana,
Arial,
sans-serif" color="#333333"><span style="font-size:12px;line-height:18px">Thanks and Best Regards,</span></font></div>
<div style="text-align:justify"><font face="Lucida
Grande,
Geneva,
Verdana,
Arial,
sans-serif" color="#333333"><span style="font-size:12px;line-height:18px">Andrej.</span></font></div>
</div>
</span>
_______________________________________________<br>
keycloak-user
mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></blockquote>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
</div>
</div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div></div></div><br></div></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div></div>