[keycloak-user] Cannot log in as admin when using docker image 2.0.0 mysql
Stian Thorgersen
sthorger at redhat.com
Thu Aug 18 00:14:30 EDT 2016
Strange one - do you have a debug log available from first time starting
the 2.0 image? The migration logs may shed some light on what's happened.
On 17 August 2016 at 22:29, Kevin Thorpe <kevin.thorpe at p-i.net> wrote:
> Yes I understand why the warnings about adding the admin user. That
> actually makes me comfortable that it is connecting to the mysql database
> correctly.
>
> What is odd is the subsequent empty config. The mysql database is still
> fully populated. So it looks horribly like it's not using the mysql db at
> all.
>
> On 17 Aug 2016 20:53, "Jagannadha Rekala" <jarekala at axway.com> wrote:
>
>> Kevin,
>>
>>
>>
>> Since the admin user already exists in the older database it cannot
>> create the same user. You can take export of the older database from a
>> standalone (not dockered) Keycloak version 1.7.0. This will export into a
>> json file and you can verify whether that export has all the data that you
>> wanted. Then you can import the same into the Keycloak 2.0.0 that is
>> started in the newer database. This is just a work-around to see whether
>> data still persists but not sure what caused the data being deleted from
>> the database of 1.7.0.
>>
>>
>>
>> You can refer the following link for export and import
>>
>>
>>
>> https://access.redhat.com/documentation/en/red-hat-single-
>> sign-on/7.0/paged/server-administration-guide/chapter-
>> 16-export-and-import
>>
>>
>>
>>
>>
>> Thanks,
>>
>> Jagan Rekala
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *From:* Kevin Thorpe [mailto:kevin.thorpe at p-i.net]
>> *Sent:* Wednesday, August 17, 2016 10:29 AM
>> *To:* Jagannadha Rekala <jarekala at axway.com>
>> *Cc:* keycloak-user <keycloak-user at lists.jboss.org>
>> *Subject:* Re: [keycloak-user] Cannot log in as admin when using docker
>> image 2.0.0 mysql
>>
>>
>>
>> Ah, ok I'll try that. The original issue though was that it wasn't
>> picking up the admin user from the existing 1.7.0 database.
>>
>>
>>
>> Ok. Now I've got further. I can start Keycloak 2.0.0 on a new database by
>> adding the admin user to the environment. It still doesn't work on my old
>> database.
>>
>>
>>
>> I get these errors indicating that it's trying to add the admin user and
>> failing as it already exists:
>>
>> keycloak_1 | 2016-08-17T17:24:10.666079599Z 17:24:10,665 INFO
>> [org.keycloak.services] (ServerService Thread Pool -- 49) KC-SERVICES0006:
>> Importing users from '/opt/jboss/keycloak/standalon
>> e/configuration/keycloak-add-user.json'
>>
>> keycloak_1 | 2016-08-17T17:24:10.777277798Z 17:24:10,777 WARN
>> [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (ServerService
>> Thread Pool -- 49) SQL Error: 1062, SQLState: 23000
>>
>> keycloak_1 | 2016-08-17T17:24:10.777402463Z 17:24:10,777 ERROR
>> [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (ServerService Thread
>> Pool -- 49) Duplicate entry 'master-admin' for key
>> 'UK_RU8TT6T700S9V50BU18WS5HA6'
>>
>> keycloak_1 | 2016-08-17T17:24:10.778545355Z 17:24:10,778 INFO [
>> org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl]
>> (ServerService Thread Pool -- 49) HHH000010: On release of batch it still
>> contained JDBC statements
>>
>> keycloak_1 | 2016-08-17T17:24:10.784002565Z 17:24:10,783 ERROR
>> [org.keycloak.services] (ServerService Thread Pool -- 49) KC-SERVICES0010:
>> Failed to add user 'admin' to realm 'master': user with username exists
>>
>>
>>
>> Problem is that the admin login is now admin/admin which I set in the
>> environment vars, not the original admin user password from the old
>> installation. Once I'm in I see I have a completely empty database. I'm
>> confused,
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *Kevin Thorpe*
>>
>> VP Enterprise Platform
>>
>> [image: http://i.imgur.com/8UeC1YO.png]
>>
>> www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
>>
>>
>> *T: **+44 (0)20 3005 6750* <%2B44%20%280%2920%203005%206750>* | F: **+44(0)20
>> 7730 2635* <%2B44%280%2920%207730%202635>* | T: **+44 (0)808 204 0344*
>> <%2B44%20%280%29808%20204%200344>
>> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>>
>> [image:
>> https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo_150.png]
>> [image:
>> https://clients.p-i.net/documents/11003/1116416/ISO27001.logo_150.png]
>> [image:
>> https://clients.p-i.net/documents/11003/1116416/QMS.logo_150.png] [image:
>> https://clients.p-i.net/documents/11003/1116416/pci.logo_150.png]
>>
>>
>> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>>
>> ____________________________________________________________________
>>
>> This email and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity to whom they are
>> addressed. If you have received this email in error please notify the
>> system manager. This message contains confidential information and is
>> intended only for the individual named. If you are not the named addressee
>> you should not disseminate, distribute or copy this e-mail. Please notify
>> the sender immediately by e-mail if you have received this e-mail by
>> mistake and delete this e-mail from your system. If you are not the
>> intended recipient you are notified that disclosing, copying, distributing
>> or taking any action in reliance on the contents of this information is
>> strictly prohibited.
>>
>>
>>
>> On 17 August 2016 at 18:02, Jagannadha Rekala <jarekala at axway.com> wrote:
>>
>> There needs to be an admin user created while Keycloak being started. So,
>> you need to pass the environment variables to the docker container. Without
>> passing the environment variables Keycloak will not have an admin user
>> unless you use the previous database of Keycloak that had admin user
>> already. Try adding these two variables in your compose file and let us
>> know.
>>
>>
>>
>> - KEYCLOAK_USER=admin
>>
>> - KEYCLOAK_PASSWORD=password-here
>>
>>
>>
>> Thanks,
>>
>> Jagan Rekala
>>
>>
>>
>> *From:* keycloak-user-bounces at lists.jboss.org [mailto:
>> keycloak-user-bounces at lists.jboss.org] *On Behalf Of *Kevin Thorpe
>> *Sent:* Wednesday, August 17, 2016 9:48 AM
>> *To:* keycloak-user <keycloak-user at lists.jboss.org>
>> *Subject:* [keycloak-user] Cannot log in as admin when using docker
>> image 2.0.0 mysql
>>
>>
>>
>> I'm trying to use Keycloak 2.0.0 from the docker image using mysql and I
>> can't log in once running. It all starts up ok and it creates the initial
>> schema ok. When I try to log in to the admion console it can't find the
>> admin user. What am I doing wrong? I thought it was my modifications to the
>> image to add https that were wrong but it doesn't work from the published
>> image anyway.
>>
>>
>>
>> lots snipped....
>>
>> keycloak_1 | 2016-08-17T16:39:58.280453387Z 16:39:58,280 INFO [
>> org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 2.0.0.Final
>> (WildFly Core 2.0.10.Final) started in 29551ms - Started 418 of 800
>> services (542 services are lazy, passive or on-demand)
>>
>> keycloak_1 | 2016-08-17T16:40:16.238260785Z 16:40:16,237 WARN
>> [org.keycloak.events] (default task-7) type=LOGIN_ERROR, realmId=master,
>> clientId=security-admin-console, userId=null, ipAddress=10.20.11.52,
>> error=user_not_found, auth_method=openid-connect, auth_type=code,
>> redirect_uri=http://10.20.13.236:8080/auth/admin/master/console/,
>> code_id=2bde62ed-9b9f-4620-b07f-39d4a282098c, username=admin
>>
>>
>>
>> docker-compose.yml is:
>>
>> keycloak:
>>
>> image: jboss/keycloak-mysql:2.0.0.Final
>>
>> # image: docker.pibenchmark.com/pi-keycloak:2.0.0-01
>>
>> environment:
>>
>> MYSQL_PORT_3306_TCP_ADDR: mysql
>>
>> MYSQL_PORT_3306_TCP_PORT: 3306
>>
>> MYSQL_USERNAME: keycloak
>>
>> MYSQL_PASSWORD: xxxxxx
>>
>> ports:
>>
>> - "8443:8443/tcp"
>>
>> - "8080:8080/tcp"
>>
>> links:
>>
>> - keycloak-db:mysql
>>
>> # tty: true
>>
>> # stdin_open: true
>>
>>
>>
>> keycloak-db:
>>
>> environment:
>>
>> MYSQL_ROOT_PASSWORD: yyyyyy
>>
>> MYSQL_DATABASE: keycloak
>>
>> MYSQL_USER: keycloak
>>
>> MYSQL_PASSWORD: xxxxxx
>>
>> image: mysql/mysql-server:5.6
>>
>> volumes:
>>
>> - keycloak-test-db:/var/lib/mysql
>>
>> volume_driver: convoy
>>
>>
>>
>>
>>
>>
>>
>> *Kevin Thorpe*
>>
>> VP Enterprise Platform
>>
>> [image: http://i.imgur.com/8UeC1YO.png]
>>
>> www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
>>
>>
>> *T: **+44 (0)20 3005 6750* <%2B44%20%280%2920%203005%206750>* | F: **+44(0)20
>> 7730 2635* <%2B44%280%2920%207730%202635>* | T: **+44 (0)808 204 0344*
>> <%2B44%20%280%29808%20204%200344>
>> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>>
>> [image:
>> https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo_150.png]
>> [image:
>> https://clients.p-i.net/documents/11003/1116416/ISO27001.logo_150.png]
>> [image:
>> https://clients.p-i.net/documents/11003/1116416/QMS.logo_150.png] [image:
>> https://clients.p-i.net/documents/11003/1116416/pci.logo_150.png]
>>
>>
>> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>>
>> ____________________________________________________________________
>>
>> This email and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity to whom they are
>> addressed. If you have received this email in error please notify the
>> system manager. This message contains confidential information and is
>> intended only for the individual named. If you are not the named addressee
>> you should not disseminate, distribute or copy this e-mail. Please notify
>> the sender immediately by e-mail if you have received this e-mail by
>> mistake and delete this e-mail from your system. If you are not the
>> intended recipient you are notified that disclosing, copying, distributing
>> or taking any action in reliance on the contents of this information is
>> strictly prohibited.
>>
>>
>>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160818/afd6057f/attachment-0001.html
More information about the keycloak-user
mailing list