Hi all,

I would like to ask again, only for confirmation.
My setup is the Keycloak overlay in domain mode.
The question is how I can create an admin Keycloak user in this setup.

With only the domain option it doesn't work:

[sab@idm72 wildfly]$ ./bin/add-user-keycloak.sh -r master -u admin -p admin --domain

Added 'admin' to '/opt/wildfly/domain/configuration/keycloak-add-user.json', restart server to load user


But with the next option I got this, and it works:

[sab@idm72 wildfly]$ ./bin/add-user-keycloak.sh -r master -u admin -p admin --domain --dc /opt/wildfly/domain/servers/idm-server-idm72/configuration/

Added 'admin' to '/opt/wildfly/domain/servers/idm-server-idm72/configuration/keycloak-add-user.json', restart server to load user


Are both options needed for domain mode?


Best Regards,

Andrej.



On Tue, Apr 19, 2016 at 3:43 PM, Andrej Prievalsky <ado.boj.83@gmail.com> wrote:
With only the domain option I got this, and it doesn't work:

[sab@idm72 wildfly]$ ./bin/add-user-keycloak.sh -r master -u admin -p admin --domain

Added 'admin' to '/opt/wildfly/domain/configuration/keycloak-add-user.json', restart server to load user


But with the next option I got this, and it works:

[sab@idm72 wildfly]$ ./bin/add-user-keycloak.sh -r master -u admin -p admin --domain --dc /opt/wildfly/domain/servers/idm-server-idm72/configuration/

Added 'admin' to '/opt/wildfly/domain/servers/idm-server-idm72/configuration/keycloak-add-user.json', restart server to load user


Are both options needed for domain?


On Tue, Apr 19, 2016 at 1:15 PM, Stian Thorgersen <sthorger@redhat.com> wrote:
There's a domain option:
bin/add-user-keycloak.[sh|bat] -r master -u <username> -p <password> --domain

On 19 April 2016 at 13:09, Andrej Prievalsky <ado.boj.83@gmail.com> wrote:
Hi all,

@Marek: I am using H2 database. I can't delete /opt/wildfly/standalone/data, because this folder is not present.

But for our domain mode we have to move the created /opt/wildfly/standalone/configuration/keycloak-add-user.json to
/opt/wildfly/domain/servers/{server-name}/configuration
and afterwards we could log in to the Keycloak admin console.

So in summary, to create an admin user in domain mode we have to:
1.) bin/add-user-keycloak.[sh|bat] -r master -u <username> -p <password>
2.) copy /opt/wildfly/standalone/configuration/keycloak-add-user.json to /opt/wildfly/domain/servers/{server-name}/configuration
3.) restart server

Are these steps correct and expected from your side?



On Tue, Apr 19, 2016 at 8:40 AM, Andrej Prievalsky <ado.boj.83@gmail.com> wrote:
Thanks Marek, I will try your hint.
@Stian: I am trying to log in to the Keycloak admin console.

On Mon, Apr 18, 2016 at 1:59 PM, Stian Thorgersen <sthorger@redhat.com> wrote:
Just to confirm are you trying to login to Keycloak admin console or WildFly console?

On 18 April 2016 at 10:04, Andrej Prievalsky <ado.boj.83@gmail.com> wrote:
OK, but when we created a user with add-user-keycloak.sh:

[sab@idm69 wildfly]$ ./bin/add-user-keycloak.sh -r master -u admin -p admin

Added 'admin' to '/opt/wildfly/standalone/configuration/keycloak-add-user.json', restart server to load user

After restarting the server, we can't log in with the admin user and password admin.
We got the error message: Invalid username or password.


Could the problem be on your side or in our setup and configuration?

On Fri, Apr 15, 2016 at 3:25 PM, Stian Thorgersen <sthorger@redhat.com> wrote:
With server overlay use add-user-keycloak and restart the server

On 15 April 2016 at 14:43, Andrej Prievalsky <ado.boj.83@gmail.com> wrote:
Hi All,

In a setup of WildFly 10 in domain mode + keycloak-overlay-1.9.2.Final I tried to create an admin user in two ways, as in the guide:

1.) via bin/add-user.[sh|bat] -r master -u <username> -p <password>
I got this error:

[sab@idm69 wildfly]$ ./bin/add-user.sh -r master -u admin -p tmo46713

* Error *
WFLYDM0065: The user supplied realm name 'master' does not match the realm name discovered from the property file(s) 'ManagementRealm'.

Exception in thread "main" org.jboss.as.domain.management.security.adduser.AddUserFailedException: WFLYDM0065: The user supplied realm name 'master' does not match the realm name discovered from the property file(s) 'ManagementRealm'.
        at org.jboss.as.domain.management.security.adduser.ErrorState.execute(ErrorState.java:72)
        at org.jboss.as.domain.management.security.adduser.AddUser.run(AddUser.java:130)
        at org.jboss.as.domain.management.security.adduser.AddUser.main(AddUser.java:223)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at org.jboss.modules.Module.run(Module.java:329)
        at org.jboss.modules.Main.main(Main.java:507)


2.) via bin/add-user-keycloak.[sh|bat] -r master -u <username> -p <password>

The user was created under the standalone path.


Thanks and Best Regards

Andrej.



On Thu, Mar 3, 2016 at 7:18 PM, Stian Thorgersen <sthorger@redhat.com> wrote:

On 3 March 2016 at 16:24, Andrej Prievalsky <ado.boj.83@gmail.com> wrote:
Hi all,

1.) In the meantime I tried to create an admin user on keycloak-overlay-1.7.0.Final via the add-user-keycloak.sh script in WildFly domain mode, and I got:

[root@keycloakoverlay /opt/wildfly/bin]$ ./add-user-keycloak.sh -u admin -p admin
Added 'admin' to '/opt/wildfly/standalone/configuration/keycloak-add-user.json', restart server to load user

Is it correct that the user is created in the standalone path?

----------------------------------------------------------------------------

2.) Can I, in version 1.7.0.Final, create or replace the admin user for the master realm with a permanent password, created automatically via the command line, so that the password does not need to be changed manually after the first login?

Thanks,
Andrej.


On Thu, Mar 3, 2016 at 1:50 PM, Stian Thorgersen <sthorger@redhat.com> wrote:


On 3 March 2016 at 13:48, Stan Silvert <ssilvert@redhat.com> wrote:
On 3/3/2016 12:09 AM, Stian Thorgersen wrote:
The standard add-user script adds WildFly users, we want the standard script to add Keycloak users. It's a Keycloak server after all.
You still need WildFly users if you want to use CLI (remotely) or web console.   As far as I know, we can't secure those things with Keycloak yet.

In the future we will secure it with Keycloak, in the mean time the add-user has a '--container' option.
 

There are workarounds, but I'm just saying, WildFly add-user.sh is a useful tool that we might want to still ship in some form until such time that CLI and web console is fully integrated with Keycloak.


On 2 March 2016 at 20:00, Stan Silvert <ssilvert@redhat.com> wrote:
On 3/2/2016 1:50 PM, Stian Thorgersen wrote:
Not a chance. In server dist we want to hide WildFly's add-user script.
I could guess, but I have to ask, why?



On 2 March 2016 at 14:12, Stan Silvert <ssilvert@redhat.com> wrote:
On 3/2/2016 7:02 AM, Stian Thorgersen wrote:
In overlay the script should be add-user-keycloak. The overlay adds Keycloak server to an existing WildFly installation so we don't want to overwrite any existing files. I appreciate this may be confusing and inconsistent, but at the same time if we did overwrite people would probably complain about us overwriting the existing script.

In the server dist this doesn't apply as the server is purely a Keycloak server, not a WildFly server.
I guess the solution would be to make server dist consistent with overlay, so both are add-user-keycloak.  Not sure how I feel about that.




On 2 March 2016 at 11:10, Bruno Oliveira <bruno@abstractj.org> wrote:
I'm not sure if I follow your question but './add-user.sh -u admin -p admin' or './add-user.sh -u admin' should work. 

On Wed, Mar 2, 2016 at 7:03 AM Andrej Prievalsky <ado.boj.83@gmail.com> wrote:
Hi Bruno, 

Thanks for the answer.
Regarding the section "...you can use the add-user script from the command-line",
my question is what exactly the command with the add-user script should look like.
Because in the past we used this command: add-user.sh --container -u admin -p admin

Andrej.


On Wed, Mar 2, 2016 at 10:38 AM, Bruno Oliveira <bruno@abstractj.org> wrote:
Hi Andrej, answers inline

On Wed, Mar 2, 2016 at 6:13 AM Andrej Prievalsky <ado.boj.83@gmail.com> wrote:
Hi,

I would like to summarize the information about how to add an admin user - chapter 3.2.1.

My questions are:
1.) From which version (inclusive) does the new concept apply, that there is no built-in user?

2a.) What is the exact command via the add-user script (add-user.sh) to create an admin user?

2b.) Same question as in 2a, but in keycloak-overlay (add-user-keycloak.sh)?

You are correct. Maybe this is an inconsistency to be fixed. 

Thanks and Best Regards,
Andrej.
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
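
The thread shows keycloak-add-user.json ending up in three different places, of which only domain/servers/{server-name}/configuration let the admin log in under domain mode. The following check is an added example, not part of the original thread and not a Keycloak script; it lists which domain servers have the file and where copies were left in the other two locations. The function names and output labels are made up here, and the directory layout is assumed to match the paths quoted in the thread.

```shell
#!/bin/sh
# Added example: audit where keycloak-add-user.json files sit under a WildFly home.
# Layout taken from the paths quoted in the thread; names and labels are hypothetical.

ADD_USER_FILE=keycloak-add-user.json

# Print " world-readable" if others can read the file (it carries admin credential data).
perm_note() {
    if [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]; then
        printf ' world-readable'
    fi
}

# Usage: audit_add_user_files /opt/wildfly
audit_add_user_files() {
    home=${1%/}
    # Per-server directories: the location reported to work in domain mode.
    for dir in "$home"/domain/servers/*/configuration; do
        [ -d "$dir" ] || continue
        server=${dir%/configuration}
        server=${server##*/}
        if [ -f "$dir/$ADD_USER_FILE" ]; then
            echo "PENDING $server$(perm_note "$dir/$ADD_USER_FILE")"
        else
            echo "MISSING $server"
        fi
    done
    # Locations the script wrote to in the thread without the user being usable in domain mode.
    for dir in "$home/standalone/configuration" "$home/domain/configuration"; do
        if [ -f "$dir/$ADD_USER_FILE" ]; then
            echo "STRAY $dir/$ADD_USER_FILE$(perm_note "$dir/$ADD_USER_FILE")"
        fi
    done
    return 0
}

# Run against the path given on the command line, if any.
[ $# -eq 0 ] || audit_add_user_files "$1"
```

A STRAY line marks a copy of the admin credential file that should be moved to the server directory or deleted.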

