[keycloak-dev] Changing password of admin user

Stian Thorgersen sthorger at redhat.com
Tue Sep 6 05:29:30 EDT 2016

On 6 September 2016 at 10:06, Thomas Darimont <
thomas.darimont at googlemail.com> wrote:

> Hello group,
> keycloak ships with the add-user-keycloak.sh script to create an initial
> realm admin user
> with the provided username / password combination.
> We're currently running this script every time when our keycloak docker
> container
> starts which triggers a Unique Constraint Violation if the admin user has
> already been created
> - which is what I would expect.
> 07:52:39,103 ERROR [org.keycloak.services] (ServerService Thread Pool --
> 56) KC-SERVICES0010: Failed to add user 'admin' to realm 'master': user
> with username exists
> -> Perhaphs an option like "create if not exists" would be nice.

You can obviously just ignore that error message, but adding an option to
suppress doesn't hurt

> Since we need to periodically change the password of that admin user I
> wonder how this should be
> done. Since the add-user-keycloak.sh doesn't seem to provide a way to
> change a password the only way seems to be changing the admin password in
> the realm admin-console.

It wasn't intended as a tool to reset the password. It's purely a tool to
add an initial admin user.

> However it is easy to get locked out of Keycloak if one changes the
> password via the realm admin-console e.g. due to a typo...

Add a new user. You could also do other mistakes like removing roles from
the admin user. That's why adding a new user is a recovery option that
always works.

> Cheers,
> Thomas
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160906/25ecc8e9/attachment.html 

More information about the keycloak-dev mailing list