Hi all,
I would like to ask again, only for confirmation.
My setup is the Keycloak overlay in domain mode.
The question is how I can create the Keycloak admin user in this setup.
With only the domain option it doesn't work:
[sab@idm72 wildfly]$ ./bin/add-user-keycloak.sh -r master -u admin -p admin --domain
Added 'admin' to '/opt/wildfly/domain/configuration/keycloak-add-user.json', restart server to load user
But with the next option I got this, and it works:
[sab@idm72 wildfly]$ ./bin/add-user-keycloak.sh -r master -u admin -p admin --domain --dc /opt/wildfly/domain/servers/idm-server-idm72/configuration/
Added 'admin' to '/opt/wildfly/domain/servers/idm-server-idm72/configuration/keycloak-add-user.json', restart server to load user
Are both options needed for domain mode?
Best Regards,
Andrej.
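
The three file locations reported in this thread, turned into a check (an added example, not part of the original messages and not Keycloak's own code): it lists every keycloak-add-user.json under a WildFly home, labels which location it sits in, and flags files accessible beyond the owner. The function names and the permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit pending keycloak-add-user.json files under a WildFly home.
# Location classes are the paths quoted in this thread. The permission check is
# an assumption of the example: the file describes the admin account to create.

classify_add_user_file() {   # $1 = WildFly home, $2 = file path
  rel="${2#"$1"/}"
  case "$rel" in
    standalone/configuration/keycloak-add-user.json) echo "standalone" ;;
    domain/configuration/keycloak-add-user.json)     echo "domain-root" ;;
    domain/servers/*/configuration/keycloak-add-user.json)
      rel="${rel#domain/servers/}"
      echo "domain-server:${rel%%/*}" ;;
    *) echo "other" ;;
  esac
}

audit_add_user_files() {     # $1 = WildFly home; prints "class perms path"
  home="${1%/}"
  rc=1
  files="$(find "$home" -type f -name keycloak-add-user.json 2>/dev/null | sort)"
  while IFS= read -r f; do
    [ -n "$f" ] || continue
    class="$(classify_add_user_file "$home" "$f")"
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms="$(ls -ld "$f" | cut -c5-10)"
    if [ "$perms" = "------" ]; then
      perms="owner-only"
    else
      perms="group/other-access"
    fi
    echo "$class $perms $f"
    case "$class" in domain-server:*) rc=0 ;; esac
  done <<EOF
$files
EOF
  # 0 only when some per-server configuration directory holds the file,
  # which is the location the poster reports as working in domain mode.
  return "$rc"
}

# Usage: audit_add_user_files /opt/wildfly
```

A non-zero return means the file exists only in a standalone or domain-root location (or not at all), which matches the failed logins described in the thread.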
On Tue, Apr 19, 2016 at 3:43 PM, Andrej Prievalsky <ado.boj.83(a)gmail.com>
wrote:
With only the domain option I got this, and it doesn't work:
[sab@idm72 wildfly]$ ./bin/add-user-keycloak.sh -r master -u admin -p admin --domain
Added 'admin' to '/opt/wildfly/domain/configuration/keycloak-add-user.json', restart server to load user
But with the next option I got this, and it works:
[sab@idm72 wildfly]$ ./bin/add-user-keycloak.sh -r master -u admin -p admin --domain --dc /opt/wildfly/domain/servers/idm-server-idm72/configuration/
Added 'admin' to '/opt/wildfly/domain/servers/idm-server-idm72/configuration/keycloak-add-user.json', restart server to load user
Are both options needed for domain mode?
On Tue, Apr 19, 2016 at 1:15 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
> There's a domain option:
> bin/add-user-keycloak.[sh|bat] -r master -u <username> -p <password> --domain
>
> On 19 April 2016 at 13:09, Andrej Prievalsky <ado.boj.83(a)gmail.com>
> wrote:
>
>> Hi all,
>>
>> @Marek: I am using the H2 database. I can't delete /opt/wildfly/standalone/data,
>> because this folder is not present.
>>
>> But for our domain mode we have to move the created
>> /opt/wildfly/standalone/configuration/keycloak-add-user.json to
>> /opt/wildfly/domain/servers/{server-name}/configuration
>> and after that we could log in to the Keycloak admin console.
>>
>> So, in summary, to create the admin user in domain mode we have to:
>> 1.) bin/add-user-keycloak.[sh|bat] -r master -u <username> -p <password>
>> 2.) copy /opt/wildfly/standalone/configuration/keycloak-add-user.json
>> to /opt/wildfly/domain/servers/{server-name}/configuration
>> 3.) restart server
>>
>> Are these steps correct and expected from your side?
>>
>>
>>
>> On Tue, Apr 19, 2016 at 8:40 AM, Andrej Prievalsky <ado.boj.83(a)gmail.com> wrote:
>>
>>> Thanks Marek, I will try your hint.
>>> @Stian: I am trying to log in to the Keycloak admin console.
>>>
>>> On Mon, Apr 18, 2016 at 1:59 PM, Stian Thorgersen <sthorger(a)redhat.com>
>>> wrote:
>>>
>>>> Just to confirm, are you trying to log in to the Keycloak admin console or
>>>> the WildFly console?
>>>>
>>>> On 18 April 2016 at 10:04, Andrej Prievalsky <ado.boj.83(a)gmail.com>
>>>> wrote:
>>>>
>>>>> OK, but when we created the user with add-user-keycloak.sh:
>>>>>
>>>>> [sab@idm69 wildfly]$ ./bin/add-user-keycloak.sh -r master -u admin -p admin
>>>>> Added 'admin' to '/opt/wildfly/standalone/configuration/keycloak-add-user.json', restart server to load user
>>>>>
>>>>> After restarting the server, we can't log in with user admin and password admin.
>>>>> We got the error message: Invalid username or password.
>>>>>
>>>>>
>>>>> Can the problem be on your side or in our setup and configuration?
>>>>>
>>>>> On Fri, Apr 15, 2016 at 3:25 PM, Stian Thorgersen <sthorger(a)redhat.com> wrote:
>>>>>
>>>>>> With server overlay use add-user-keycloak and restart the server
>>>>>>
>>>>>> On 15 April 2016 at 14:43, Andrej Prievalsky <ado.boj.83(a)gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> in a setup of Wildfly-10 in domain mode + keycloak-overlay-1.9.2.Final I
>>>>>>> tried to create the Admin User in two ways, as in the guide:
>>>>>>>
>>>>>>> 1.) via bin/add-user.[sh|bat] -r master -u <username> -p <password>
>>>>>>> I got this ERROR:
>>>>>>>
>>>>>>> [sab@idm69 wildfly]$ ./bin/add-user.sh -r master -u admin -p tmo46713
>>>>>>>
>>>>>>> * Error *
>>>>>>>
>>>>>>> WFLYDM0065: The user supplied realm name 'master' does not match
>>>>>>> the realm name discovered from the property file(s) 'ManagementRealm'.
>>>>>>>
>>>>>>> Exception in thread "main" org.jboss.as.domain.management.security.adduser.AddUserFailedException: WFLYDM0065: The user supplied realm name 'master' does not match the realm name discovered from the property file(s) 'ManagementRealm'.
>>>>>>>     at org.jboss.as.domain.management.security.adduser.ErrorState.execute(ErrorState.java:72)
>>>>>>>     at org.jboss.as.domain.management.security.adduser.AddUser.run(AddUser.java:130)
>>>>>>>     at org.jboss.as.domain.management.security.adduser.AddUser.main(AddUser.java:223)
>>>>>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>>>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>>>     at java.lang.reflect.Method.invoke(Method.java:497)
>>>>>>>     at org.jboss.modules.Module.run(Module.java:329)
>>>>>>>     at org.jboss.modules.Main.main(Main.java:507)
>>>>>>>
>>>>>>> 2.) via bin/add-user-keycloak.[sh|bat] -r master -u <username> -p <password>
>>>>>>>
>>>>>>> The user was created under the standalone path.
>>>>>>>
>>>>>>> Thanks and Best Regards
>>>>>>>
>>>>>>> Andrej.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Mar 3, 2016 at 7:18 PM, Stian Thorgersen <sthorger(a)redhat.com> wrote:
>>>>>>>
>>>>>>>> Please read the documentation, it explains it all
>>>>>>>> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-inst...
>>>>>>>>
>>>>>>>> On 3 March 2016 at 16:24, Andrej Prievalsky <ado.boj.83(a)gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi all,
>>>>>>>>>
>>>>>>>>> 1.) in the meantime I tried, on keycloak-overlay-1.7.0.Final, to create
>>>>>>>>> the Admin user via the add-user-keycloak.sh script in WildFly domain mode,
>>>>>>>>> and I got:
>>>>>>>>>
>>>>>>>>> [root@keycloakoverlay /opt/wildfly/bin]$ ./add-user-keycloak.sh -u admin -p admin
>>>>>>>>> Added 'admin' to '/opt/wildfly/standalone/configuration/keycloak-add-user.json', restart server to load user
>>>>>>>>>
>>>>>>>>> Is it correct that the user is created in the standalone path?
>>>>>>>>>
>>>>>>>>> ----------------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>> 2.) can I, in version 1.7.0.Final, create or replace the Admin user for the
>>>>>>>>> Master realm with a permanent password, which could be created automatically
>>>>>>>>> via the command line, so that the password does not need to be changed
>>>>>>>>> manually after first login?
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Andrej.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Mar 3, 2016 at 1:50 PM, Stian Thorgersen <sthorger(a)redhat.com> wrote:
>>>>>>>>>
>>>>>>>>>> On 3 March 2016 at 13:48, Stan Silvert <ssilvert(a)redhat.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>> On 3/3/2016 12:09 AM, Stian Thorgersen wrote:
>>>>>>>>>>>
>>>>>>>>>>> The standard add-user script adds WildFly users, we want the
>>>>>>>>>>> standard script to add Keycloak users. It's a Keycloak server after all.
>>>>>>>>>>>
>>>>>>>>>>> You still need WildFly users if you want to use CLI (remotely)
>>>>>>>>>>> or web console. As far as I know, we can't secure those things with
>>>>>>>>>>> Keycloak yet.
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> In the future we will secure it with Keycloak, in the meantime
>>>>>>>>>> the add-user has a '--container' option.
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> There are workarounds, but I'm just saying, WildFly add-user.sh
>>>>>>>>>>> is a useful tool that we might want to still ship in some form until such
>>>>>>>>>>> time that CLI and web console is fully integrated with Keycloak.
>>>>>>>>>>>
>>>>>>>>>>> On 2 March 2016 at 20:00, Stan Silvert <ssilvert(a)redhat.com>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> On 3/2/2016 1:50 PM, Stian Thorgersen wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Not a chance. In server dist we want to hide WildFly's
>>>>>>>>>>>> add-user script.
>>>>>>>>>>>>
>>>>>>>>>>>> I could guess, but I have to ask, why?
>>>>>>>>>>>>
>>>>>>>>>>>> On 2 March 2016 at 14:12, Stan Silvert <ssilvert(a)redhat.com>
>>>>>>>>>>>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> On 3/2/2016 7:02 AM, Stian Thorgersen wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> In overlay the script should be add-user-keycloak. The
>>>>>>>>>>>>> overlay adds Keycloak server to an existing WildFly installation so we
>>>>>>>>>>>>> don't want to overwrite any existing files. I appreciate this may be
>>>>>>>>>>>>> confusing and inconsistent, but at the same time if we did overwrite people
>>>>>>>>>>>>> would probably complain about us overwriting the existing script.
>>>>>>>>>>>>>
>>>>>>>>>>>>> In the server dist this doesn't apply as the server is purely
>>>>>>>>>>>>> a Keycloak server, not a WildFly server.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I guess the solution would be to make server dist consistent
>>>>>>>>>>>>> with overlay, so both are add-user-keycloak. Not sure how I feel about
>>>>>>>>>>>>> that.
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 2 March 2016 at 11:10, Bruno Oliveira <bruno(a)abstractj.org> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> I'm not sure if I follow your question but './add-user.sh -u
>>>>>>>>>>>>>> admin -p admin' or './add-user.sh -u admin' should work.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Wed, Mar 2, 2016 at 7:03 AM Andrej Prievalsky <ado.boj.83(a)gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi Bruno,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> thanks for the answer.
>>>>>>>>>>>>>>> But from
>>>>>>>>>>>>>>> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-inst...
>>>>>>>>>>>>>>> and the section: *...you can use the add-user script from the
>>>>>>>>>>>>>>> command-line.*
>>>>>>>>>>>>>>> my question is what exactly the command
>>>>>>>>>>>>>>> with the add-user script should look like.
>>>>>>>>>>>>>>> Because in the past we used this command: add-user.sh
>>>>>>>>>>>>>>> --container -u admin -p admin
>>>>>>>>>>>>>>> Andrej.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Wed, Mar 2, 2016 at 10:38 AM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi Andrej, answers inline
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Wed, Mar 2, 2016 at 6:13 AM Andrej Prievalsky <ado.boj.83(a)gmail.com> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I would like to summarize information about How to add
>>>>>>>>>>>>>>>>> Admin User - chapter 3.2.1.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> My questions are:
>>>>>>>>>>>>>>>>> 1.) From which version (inclusive) is the new concept, that
>>>>>>>>>>>>>>>>> there is no built-in user?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 1.8.0 See:
>>>>>>>>>>>>>>>> http://keycloak.github.io/docs/userguide/keycloak-server/html/Migration_f...
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 2a.) What is the exact command via the add-user script
>>>>>>>>>>>>>>>>> (add-user.sh) to create the admin user?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> See:
>>>>>>>>>>>>>>>> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-inst...
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 2b.) The same question as in 2a, but in keycloak-overlay
>>>>>>>>>>>>>>>>> (add-user-keycloak.sh)?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> You are correct. Maybe this is an inconsistency to be
>>>>>>>>>>>>>>>> fixed.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thanks and Best Regards,
>>>>>>>>>>>>>>>>> Andrej.
>>>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user