On 6 September 2016 at 10:06, Thomas Darimont <thomas.darimont@googlemail.com> wrote:
Hello group,

keycloak ships with the add-user-keycloak.sh script to create an initial realm admin user
with the provided username / password combination.

We're currently running this script every time when our keycloak docker container
starts which triggers a Unique Constraint Violation if the admin user has already been created 
- which is what I would expect.

07:52:39,103 ERROR [org.keycloak.services] (ServerService Thread Pool -- 56) KC-SERVICES0010: Failed to add user 'admin' to realm 'master': user with username exists

-> Perhaps an option like "create if not exists" would be nice.

You can obviously just ignore that error message, but adding an option to suppress it doesn't hurt.
 
Since we need to periodically change the password of that admin user I wonder how this should be
done. Since the add-user-keycloak.sh doesn't seem to provide a way to change a password the only way seems to be changing the admin password in the realm admin-console. 

It wasn't intended as a tool to reset the password. It's purely a tool to add an initial admin user.
 

However it is easy to get locked out of Keycloak if one changes the password via the realm admin-console e.g. due to a typo...

Add a new user. You could also make other mistakes, like removing roles from the admin user. That's why adding a new user is a recovery option that always works.
 

Cheers,
Thomas

_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev