Hi all,
I am trying to configure Keycloak in Domain Clustered Mode. I was already
able to create a little bit more advanced configuration (with an external
database, a load balancer and so on) in standalone clustered mode, and I am
trying to transfer this configuration to domain clustered mode. But I am not
able to create the initial admin account in domain clustered mode, so I
tried to narrow the problem down by leaving everything on default and just
trying to create that account.
So the basic setup is:
- Download and unzip keycloak-8.0.1.zip
- Start master (including loadbalancer): ./bin/domain.sh --host-config=host-master.xml
(basically the "Clustered Domain Example" from the documentation without the
slave node instance.)
When accessing keycloak (locally) I get the message "You need local access
to create the initial admin user. Open http://localhost:8080/auth or use the
add-user-keycloak script."
When I open http://localhost:8080/auth I get the exact same message. When I
open http://localhost:8080/auth/admin, I get a login form.
So I tried to use the script add-user-keycloak.sh:
./bin/add-user-keycloak.sh -r master -u admin -p Test --domain --dc $KH/keycloak-8.0.1/domain/configuration/
Added 'admin' to '/opt/kc0/keycloak-8.0.1/domain/configuration/keycloak-add-user.json', restart server to load user
... and then restarted the server. But I still get the message "You need
local access ...." and when trying to log in directly via .../auth/admin I
get "Invalid username or password.". Log output:
[Server:server-one] 08:52:10,560 WARN [org.keycloak.events] (default task-2) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=127.0.0.1, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=http://localhost:8080/auth/admin/master/console/, code_id=b4fb71f2-6e61-40c9-8953-506e589a1a0a, username=admin, authSessionParentId=b4fb71f2-6e61-40c9-8953-506e589a1a0a, authSessionTabId=RZzwAXq3BEw
The content of ../domain/configuration/keycloak-add-user.json looks OK to
me:
[ {
  "realm" : "master",
  "users" : [ {
    "username" : "admin",
    "enabled" : true,
    "credentials" : [ {
      "type" : "password",
      "secretData" : "{\"value\":\"s0uo+lD2jgE+i68wWym1El6mlsMKJY3fkxlOMpRul9FBUv5vmQA/YbCC541NkP2EXOp6UjQYtSErkI9OQnM65Q==\",\"salt\":\"WYn5KUEDP+LbxGQQDZfnSg==\"}",
      "credentialData" : "{\"hashIterations\":100000,\"algorithm\":\"pbkdf2-sha256\"}"
    } ],
    "realmRoles" : [ "admin" ]
  } ]
} ]
What step did I miss in order to create the administrative account needed
for the initial login?
Thanks!
Hans
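
An added example, not part of the original post and not Keycloak's own code: a check that a keycloak-add-user.json file parses, contains the expected user, and that its stored hash matches a given password. It says nothing about whether the server loaded the file. The function names are hypothetical, and it assumes plain PBKDF2-HMAC over the UTF-8 password bytes; the sample file is constructed at run time in the layout quoted above.

```python
import base64
import hashlib
import hmac
import json

# Algorithm name as stored in credentialData -> hashlib digest name.
DIGESTS = {"pbkdf2-sha256": "sha256"}

def check_add_user_json(text, username, password, realm="master"):
    """True if `password` reproduces the stored hash; ValueError if the
    file does not parse or holds no password credential for the user."""
    for realm_entry in json.loads(text):
        if realm_entry.get("realm") != realm:
            continue
        for user in realm_entry.get("users", []):
            if user.get("username") != username:
                continue
            for cred in user.get("credentials", []):
                if cred.get("type") != "password":
                    continue
                # secretData / credentialData are JSON documents kept as strings.
                secret = json.loads(cred["secretData"])
                meta = json.loads(cred["credentialData"])
                stored = base64.b64decode(secret["value"])
                # Assumption: UTF-8 password bytes; key length taken from the stored hash.
                derived = hashlib.pbkdf2_hmac(
                    DIGESTS[meta["algorithm"]], password.encode("utf-8"),
                    base64.b64decode(secret["salt"]), meta["hashIterations"],
                    dklen=len(stored))
                return hmac.compare_digest(derived, stored)
    raise ValueError(f"no password credential for {username!r} in realm {realm!r}")

def build_sample(username, password, salt=b"constructed-salt", iterations=100000):
    """Constructed sample file (not real data) in the layout shown in the post."""
    value = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                iterations, dklen=64)
    cred = {
        "type": "password",
        "secretData": json.dumps({"value": base64.b64encode(value).decode(),
                                  "salt": base64.b64encode(salt).decode()}),
        "credentialData": json.dumps({"hashIterations": iterations,
                                      "algorithm": "pbkdf2-sha256"}),
    }
    user = {"username": username, "enabled": True,
            "credentials": [cred], "realmRoles": ["admin"]}
    return json.dumps([{"realm": "master", "users": [user]}])

if __name__ == "__main__":
    print(check_add_user_json(build_sample("admin", "Test"), "admin", "Test"))
```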