Thanks Marek, I will try your hint.
@Stian: I am trying login to Keycloak admin console.
On Mon, Apr 18, 2016 at 1:59 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
Just to confirm are you trying to login to Keycloak admin console or
WildFly console?
On 18 April 2016 at 10:04, Andrej Prievalsky <ado.boj.83(a)gmail.com> wrote:
> OK, but when we created user with add-user-keycloak.sh:
>
> [sab@idm69 wildfly]$ ./bin/add-user-keycloak.sh -r master -u admin -p
> admin
> Added 'admin' to
> '/opt/wildfly/standalone/configuration/keycloak-add-user.json', restart
> server to load user
>
> After restart server, we can't login with admin user and password admin.
> We got Error message: Invalid username or password.
>
>
> Can be problem on your side or in our setup and configuration?
>
> On Fri, Apr 15, 2016 at 3:25 PM, Stian Thorgersen <sthorger(a)redhat.com>
> wrote:
>
>> With server overlay use add-user-keycloak and restart the server
>>
>> On 15 April 2016 at 14:43, Andrej Prievalsky <ado.boj.83(a)gmail.com>
>> wrote:
>>
>>> Hi All,
>>>
>>> in setup Wildfly-10 in domain mode + keycloak-overlay-1.9.2.Final I
>>> tried to create Admin User in two ways like in guide:
>>>
>>> 1.) via bin/add-user.[sh|bat] -r master -u <username> -p
<password>
>>> I got this ERROR:
>>>
>>> *[sab@idm69 wildfly]$ ./bin/add-user.sh -r master -u admin -p tmo46713*
>>>
>>>
>>>
>>> ** Error **
>>>
>>> *WFLYDM0065: The user supplied realm name 'master' does not match
the
>>> realm name discovered from the property file(s) 'ManagementRealm'.*
>>>
>>>
>>>
>>> *Exception in thread "main"
>>> org.jboss.as.domain.management.security.adduser.AddUserFailedException:
>>> WFLYDM0065: The user supplied realm name 'master' does not match the
realm
>>> name discovered from the property file(s) 'ManagementRealm'.*
>>>
>>> * at
>>>
org.jboss.as.domain.management.security.adduser.ErrorState.execute(ErrorState.java:72)*
>>>
>>> * at
>>>
org.jboss.as.domain.management.security.adduser.AddUser.run(AddUser.java:130)*
>>>
>>> * at
>>>
org.jboss.as.domain.management.security.adduser.AddUser.main(AddUser.java:223)*
>>>
>>> * at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)*
>>>
>>> * at
>>>
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)*
>>>
>>> * at
>>>
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)*
>>>
>>> * at java.lang.reflect.Method.invoke(Method.java:497)*
>>>
>>> * at org.jboss.modules.Module.run(Module.java:329)*
>>>
>>> * at org.jboss.modules.Main.main(Main.java:507)*
>>>
>>>
>>> 2.) via bin/add-user-keycloak.[sh|bat] -r master -u <username> -p
>>> <password>
>>>
>>> User was created under standalone path.
>>>
>>>
>>> Thanks and Best Regards
>>>
>>> Andrej.
>>>
>>>
>>>
>>> On Thu, Mar 3, 2016 at 7:18 PM, Stian Thorgersen <sthorger(a)redhat.com>
>>> wrote:
>>>
>>>> Please read the documentation it explains it all
>>>>
http://keycloak.github.io/docs/userguide/keycloak-server/html/server-inst...
>>>>
>>>> On 3 March 2016 at 16:24, Andrej Prievalsky <ado.boj.83(a)gmail.com>
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> 1.) meantime I tried on keycloak-overlay-1.7.0.Final via
>>>>> add-user-keycloak.sh script in wildfly domain mode create Admin user
and I
>>>>> got:
>>>>>
>>>>> [root@keycloakoverlay /opt/wildfly/bin]$ ./add-user-keycloak.sh -u
>>>>> admin -p admin
>>>>> Added 'admin' to '
>>>>> */opt/wildfly/standalone/configuration/keycloak-add-user.json*',
>>>>> restart server to load user
>>>>>
>>>>> Is it correct, that user is created in standalone path?
>>>>>
>>>>>
>>>>>
----------------------------------------------------------------------------
>>>>>
>>>>> 2.) can I in version 1.7.0.Final create or replace Admin user for
>>>>> Master realm with permanent password, which could be created
automatically
>>>>> via command line and not needed change password manually after first
login?
>>>>>
>>>>> Thanks,
>>>>> Andrej.
>>>>>
>>>>>
>>>>> On Thu, Mar 3, 2016 at 1:50 PM, Stian Thorgersen
<sthorger(a)redhat.com
>>>>> > wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On 3 March 2016 at 13:48, Stan Silvert
<ssilvert(a)redhat.com> wrote:
>>>>>>
>>>>>>> On 3/3/2016 12:09 AM, Stian Thorgersen wrote:
>>>>>>>
>>>>>>> The standard add-user script adds WildFly users, we want the
>>>>>>> standard script to add Keycloak users. It's a Keycloak
server after all.
>>>>>>>
>>>>>>> You still need WildFly users if you want to use CLI
(remotely) or
>>>>>>> web console. As far as I know, we can't secure those
things with Keycloak
>>>>>>> yet.
>>>>>>>
>>>>>>
>>>>>> In the future we will secure it with Keycloak, in the mean time
the
>>>>>> add-user has a '--container' option.
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> There are workarounds, but I'm just saying, WildFly
add-user.sh is
>>>>>>> a useful tool that we might want to still ship in some form
until such time
>>>>>>> that CLI and web console is fully integrated with Keycloak.
>>>>>>>
>>>>>>>
>>>>>>> On 2 March 2016 at 20:00, Stan Silvert
<ssilvert(a)redhat.com> wrote:
>>>>>>>
>>>>>>>> On 3/2/2016 1:50 PM, Stian Thorgersen wrote:
>>>>>>>>
>>>>>>>> Not a chance. In server dist we want to hide
WildFly's add-user
>>>>>>>> script.
>>>>>>>>
>>>>>>>> I could guess, but I have to ask, why?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 2 March 2016 at 14:12, Stan Silvert
<ssilvert(a)redhat.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> On 3/2/2016 7:02 AM, Stian Thorgersen wrote:
>>>>>>>>>
>>>>>>>>> In overlay the script should be add-user-keycloak.
The overlay
>>>>>>>>> adds Keycloak server to an existing WildFly
installation so we don't want
>>>>>>>>> to overwrite any existing files. I appreciate this
may be confusing and
>>>>>>>>> inconsistent, but at the same time if we did
overwrite people would
>>>>>>>>> probably complain about us overwriting the existing
script.
>>>>>>>>>
>>>>>>>>> In the server dist this doesn't apply as the
server is purely a
>>>>>>>>> Keycloak server, not a WildFly server.
>>>>>>>>>
>>>>>>>>> I guess the solution would be to make server dist
consistent with
>>>>>>>>> overlay, so both are add-user-keycloak. Not sure how
I feel about that.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 2 March 2016 at 11:10, Bruno Oliveira
<bruno(a)abstractj.org>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> I'm not sure if I follow your question but
'./add-user.sh -u
>>>>>>>>>> admin -p admin' or './add-user.sh -u
admin' should work.
>>>>>>>>>>
>>>>>>>>>> On Wed, Mar 2, 2016 at 7:03 AM Andrej Prievalsky
<
>>>>>>>>>> ado.boj.83(a)gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Bruno,
>>>>>>>>>>>
>>>>>>>>>>> thanks for answer.
>>>>>>>>>>> But from
>>>>>>>>>>>
http://keycloak.github.io/docs/userguide/keycloak-server/html/server-inst...
>>>>>>>>>>> and section: *...you can use the add-user
script from the
>>>>>>>>>>> command-line.*
>>>>>>>>>>> is my question is how exactly should looks
like command with
>>>>>>>>>>> add-user script?
>>>>>>>>>>> Because in past we used this command:
add-user.sh –container
>>>>>>>>>>> -u admin -p admin
>>>>>>>>>>>
>>>>>>>>>>> Andrej.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Mar 2, 2016 at 10:38 AM, Bruno
Oliveira <
>>>>>>>>>>> bruno(a)abstractj.org> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Andrej, answers inline
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, Mar 2, 2016 at 6:13 AM Andrej
Prievalsky <
>>>>>>>>>>>> ado.boj.83(a)gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I would like to summary information
about How to add Admin
>>>>>>>>>>>>> User - chapter 3.2.1.
>>>>>>>>>>>>>
>>>>>>>>>>>>> My questions are:
>>>>>>>>>>>>> 1.) From which version (including) is
new concept, that there
>>>>>>>>>>>>> is no built in user?
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> 1.8.0 See:
>>>>>>>>>>>>
http://keycloak.github.io/docs/userguide/keycloak-server/html/Migration_f...
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> 2a.) What is exact command via
add-user script (add-user.sh) for
>>>>>>>>>>>>> create admin user ?
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> See:
>>>>>>>>>>>>
http://keycloak.github.io/docs/userguide/keycloak-server/html/server-inst...
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> 2b.) Same question like in 2a, but in
keycloak-overlay (
>>>>>>>>>>>>> add-user-keycloak.sh)?
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> You are correct. Maybe this is an
inconsistency to be fixed.
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks and Best Regards,
>>>>>>>>>>>>> Andrej.
>>>>>>>>>>>>>
_______________________________________________
>>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> keycloak-user mailing list
>>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>