[keycloak-user] How to add Admin User
Marek Posolda
mposolda at redhat.com
Mon Apr 18 06:35:46 EDT 2016
I suggest to try again against clean environment (database). Are you
using default H2 database? If so, you can just delete directory
/opt/wildfly/standalone/data. Then you can start again and admin user
from '/opt/wildfly/standalone/configuration/keycloak-add-user.json'
should be correctly imported and you should be able to login.
Marek
On 18/04/16 10:04, Andrej Prievalsky wrote:
> OK, but when we created user with add-user-keycloak.sh:
>
> [sab at idm69 wildfly]$ ./bin/add-user-keycloak.sh -r master -u admin -p
> admin
>
> Added 'admin' to
> '/opt/wildfly/standalone/configuration/keycloak-add-user.json',
> restart server to load user
>
> After restart server, we can't login with admin user and password admin.
> We got Error message: Invalid username or password.
>
>
> Can be problem on your side or in our setup and configuration?
>
> On Fri, Apr 15, 2016 at 3:25 PM, Stian Thorgersen <sthorger at redhat.com
> <mailto:sthorger at redhat.com>> wrote:
>
> With server overlay use add-user-keycloak and restart the server
>
> On 15 April 2016 at 14:43, Andrej Prievalsky <ado.boj.83 at gmail.com
> <mailto:ado.boj.83 at gmail.com>> wrote:
>
> Hi All,
>
> in setup Wildfly-10 in domain mode +
> keycloak-overlay-1.9.2.Final I tried to create Admin User in
> two ways like in guide:
>
> 1.) via bin/add-user.[sh|bat] -r master -u <username> -p
> <password>
> I got this ERROR:
>
> /[sab at idm69 wildfly]$ ./bin/add-user.sh -r master -u admin -p
> tmo46713/
>
> //
>
> /* Error */
>
> /WFLYDM0065: The user supplied realm name 'master' does not
> match the realm name discovered from the property file(s)
> 'ManagementRealm'./
>
> //
>
> /Exception in thread "main"
> org.jboss.as.domain.management.security.adduser.AddUserFailedException:
> WFLYDM0065: The user supplied realm name 'master' does not
> match the realm name discovered from the property file(s)
> 'ManagementRealm'./
>
> / at
> org.jboss.as.domain.management.security.adduser.ErrorState.execute(ErrorState.java:72)/
>
> / at
> org.jboss.as.domain.management.security.adduser.AddUser.run(AddUser.java:130)/
>
> / at
> org.jboss.as.domain.management.security.adduser.AddUser.main(AddUser.java:223)/
>
> / at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)/
>
> / at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)/
>
> / at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)/
>
> / at java.lang.reflect.Method.invoke(Method.java:497)/
>
> / at org.jboss.modules.Module.run(Module.java:329)/
>
> / at org.jboss.modules.Main.main(Main.java:507)/
>
> /
> /
>
> 2.) via bin/add-user-keycloak.[sh|bat] -r master -u <username>
> -p <password>
>
> User was created under standalone path.
>
>
> Thanks and Best Regards
>
> Andrej.
>
>
>
> On Thu, Mar 3, 2016 at 7:18 PM, Stian Thorgersen
> <sthorger at redhat.com <mailto:sthorger at redhat.com>> wrote:
>
> Please read the documentation it explains it all
> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e116
>
> On 3 March 2016 at 16:24, Andrej Prievalsky
> <ado.boj.83 at gmail.com <mailto:ado.boj.83 at gmail.com>> wrote:
>
> Hi all,
>
> 1.) meantime I tried on keycloak-overlay-1.7.0.Final
> via add-user-keycloak.sh script in wildfly domain mode
> create Admin user and I got:
>
> [root at keycloakoverlay /opt/wildfly/bin]$
> ./add-user-keycloak.sh -u admin -p admin
> Added 'admin' to
> '*/opt/wildfly/standalone/configuration/keycloak-add-user.json*',
> restart server to load user
>
> Is it correct, that user is created in standalone path?
>
> ----------------------------------------------------------------------------
>
> 2.) can I in version 1.7.0.Final create or replace
> Admin user for Master realm with permanent password,
> which could be created automatically via command line
> and not needed change password manually after first login?
>
> Thanks,
> Andrej.
>
>
> On Thu, Mar 3, 2016 at 1:50 PM, Stian Thorgersen
> <sthorger at redhat.com <mailto:sthorger at redhat.com>> wrote:
>
>
>
> On 3 March 2016 at 13:48, Stan Silvert
> <ssilvert at redhat.com <mailto:ssilvert at redhat.com>>
> wrote:
>
> On 3/3/2016 12:09 AM, Stian Thorgersen wrote:
>> The standard add-user script adds WildFly
>> users, we want the standard script to add
>> Keycloak users. It's a Keycloak server after all.
> You still need WildFly users if you want to
> use CLI (remotely) or web console. As far as I
> know, we can't secure those things with
> Keycloak yet.
>
>
> In the future we will secure it with Keycloak, in
> the mean time the add-user has a '--container' option.
>
>
> There are workarounds, but I'm just saying,
> WildFly add-user.sh is a useful tool that we
> might want to still ship in some form until
> such time that CLI and web console is fully
> integrated with Keycloak.
>
>>
>> On 2 March 2016 at 20:00, Stan Silvert
>> <ssilvert at redhat.com
>> <mailto:ssilvert at redhat.com>> wrote:
>>
>> On 3/2/2016 1:50 PM, Stian Thorgersen wrote:
>>> Not a chance. In server dist we want to
>>> hide WildFly's add-user script.
>> I could guess, but I have to ask, why?
>>
>>
>>>
>>> On 2 March 2016 at 14:12, Stan Silvert
>>> <ssilvert at redhat.com
>>> <mailto:ssilvert at redhat.com>> wrote:
>>>
>>> On 3/2/2016 7:02 AM, Stian
>>> Thorgersen wrote:
>>>> In overlay the script should be
>>>> add-user-keycloak. The overlay adds
>>>> Keycloak server to an existing
>>>> WildFly installation so we don't
>>>> want to overwrite any existing
>>>> files. I appreciate this may be
>>>> confusing and inconsistent, but at
>>>> the same time if we did overwrite
>>>> people would probably complain
>>>> about us overwriting the existing
>>>> script.
>>>>
>>>> In the server dist this doesn't
>>>> apply as the server is purely a
>>>> Keycloak server, not a WildFly server.
>>> I guess the solution would be to
>>> make server dist consistent with
>>> overlay, so both are
>>> add-user-keycloak. Not sure how I
>>> feel about that.
>>>
>>>
>>>
>>>>
>>>> On 2 March 2016 at 11:10, Bruno
>>>> Oliveira <bruno at abstractj.org
>>>> <mailto:bruno at abstractj.org>> wrote:
>>>>
>>>> I'm not sure if I follow your
>>>> question but './add-user.sh -u
>>>> admin -p admin' or
>>>> './add-user.sh -u admin' should
>>>> work.
>>>>
>>>> On Wed, Mar 2, 2016 at 7:03 AM
>>>> Andrej Prievalsky
>>>> <ado.boj.83 at gmail.com
>>>> <mailto:ado.boj.83 at gmail.com>>
>>>> wrote:
>>>>
>>>> Hi Bruno,
>>>>
>>>> thanks for answer.
>>>> But from
>>>> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e116
>>>> and section: *...you can
>>>> use the add-user script
>>>> from the command-line.*
>>>> is my question is how
>>>> exactly should looks like
>>>> command with add-user script?
>>>> Because in past we used
>>>> this command: add-user.sh
>>>> –container -u admin -p admin
>>>>
>>>> Andrej.
>>>>
>>>>
>>>> On Wed, Mar 2, 2016 at
>>>> 10:38 AM, Bruno Oliveira
>>>> <bruno at abstractj.org
>>>> <mailto:bruno at abstractj.org>>
>>>> wrote:
>>>>
>>>> Hi Andrej, answers inline
>>>>
>>>> On Wed, Mar 2, 2016 at
>>>> 6:13 AM Andrej
>>>> Prievalsky
>>>> <ado.boj.83 at gmail.com
>>>> <mailto:ado.boj.83 at gmail.com>>
>>>> wrote:
>>>>
>>>> Hi,
>>>>
>>>> I would like to
>>>> summary information
>>>> about How to add
>>>> Admin User -
>>>> chapter 3.2.1.
>>>>
>>>> My questions are:
>>>> 1.) From which
>>>> version (including)
>>>> is new concept,
>>>> that there is no
>>>> built in user?
>>>>
>>>>
>>>> 1.8.0 See:
>>>> http://keycloak.github.io/docs/userguide/keycloak-server/html/Migration_from_older_versions.html#d4e4031
>>>>
>>>> 2a.) What is exact
>>>> command via
>>>> add-user script
>>>> (add-user.sh) for
>>>> create admin user ?
>>>>
>>>>
>>>> See:
>>>> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e116
>>>>
>>>> 2b.) Same question
>>>> like in 2a, but in
>>>> keycloak-overlay
>>>> (add-user-keycloak.sh)?
>>>>
>>>>
>>>> You are correct. Maybe
>>>> this is an
>>>> inconsistency to be fixed.
>>>>
>>>>
>>>> Thanks and Best
>>>> Regards,
>>>> Andrej.
>>>> _______________________________________________
>>>> keycloak-user
>>>> mailing list
>>>> keycloak-user at lists.jboss.org
>>>> <mailto:keycloak-user at lists.jboss.org>
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> <mailto:keycloak-user at lists.jboss.org>
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> <mailto:keycloak-user at lists.jboss.org>
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> <mailto:keycloak-user at lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>
>>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> <mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160418/8b661fe5/attachment-0001.html
More information about the keycloak-user
mailing list