[keycloak-user] Cannot log in as admin when using docker image 2.0.0 mysql

Stian Thorgersen sthorger at redhat.com
Thu Aug 18 06:26:48 EDT 2016


Take a look at instructions from the root image:

https://hub.docker.com/r/jboss/keycloak/

You should be able to enable debug logging with:

"-e KEYCLOAK_LOGLEVEL=DEBUG"

On 18 August 2016 at 11:38, Kevin Thorpe <kevin.thorpe at p-i.net> wrote:

> I'm not sure how to do that. I'm using their pre-built Docker image and I
> also am definitely not a Java programmer.
>
>
> *Kevin Thorpe*
> VP Enterprise Platform
>
> www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
>
> *T: +44 (0)20 3005 6750 <%2B44%20%280%2920%203005%206750>  | F: +44(0)20
> 7730 2635 <%2B44%280%2920%207730%202635>  | T: +44 (0)808 204 0344
> <%2B44%20%280%29808%20204%200344> *
> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>
>
>
> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>
> ____________________________________________________________________
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> This message contains confidential information and is intended only for the
> individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and
> delete this e-mail from your system. If you are not the intended recipient
> you are notified that disclosing, copying, distributing or taking any
> action in reliance on the contents of this information is strictly
> prohibited.
>
> On 18 August 2016 at 05:14, Stian Thorgersen <sthorger at redhat.com> wrote:
>
>> Strange one - do you have a debug log available from first time starting
>> the 2.0 image? The migration logs may shed some light on what's happened.
>>
>> On 17 August 2016 at 22:29, Kevin Thorpe <kevin.thorpe at p-i.net> wrote:
>>
>>> Yes I understand why the warnings about adding the admin user. That
>>> actually makes me comfortable that it is connecting to the mysql database
>>> correctly.
>>>
>>> What is odd is the subsequent empty config. The mysql database is still
>>> fully populated. So it looks horribly like it's not using the mysql db at
>>> all.
>>>
>>> On 17 Aug 2016 20:53, "Jagannadha Rekala" <jarekala at axway.com> wrote:
>>>
>>>> Kevin,
>>>>
>>>>
>>>>
>>>> Since the admin user already exists in the older database it cannot
>>>> create the same user. You can take export of the older database from a
>>>> standalone (not dockered) Keycloak version 1.7.0. This will export into a
>>>> json file and you can verify whether that export has all the data that you
>>>> wanted. Then you can import the same into the Keycloak 2.0.0 that is
>>>> started in the newer database. This is just a work-around to see whether
>>>> data still persists but not sure what caused the data being deleted from
>>>> the database of 1.7.0.
>>>>
>>>>
>>>>
>>>> You can refer the following link for export and import
>>>>
>>>>
>>>>
>>>> https://access.redhat.com/documentation/en/red-hat-single-si
>>>> gn-on/7.0/paged/server-administration-guide/chapter-16-expor
>>>> t-and-import
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Jagan Rekala
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> *From:* Kevin Thorpe [mailto:kevin.thorpe at p-i.net]
>>>> *Sent:* Wednesday, August 17, 2016 10:29 AM
>>>> *To:* Jagannadha Rekala <jarekala at axway.com>
>>>> *Cc:* keycloak-user <keycloak-user at lists.jboss.org>
>>>> *Subject:* Re: [keycloak-user] Cannot log in as admin when using
>>>> docker image 2.0.0 mysql
>>>>
>>>>
>>>>
>>>> Ah, ok I'll try that. The original issue though was that it wasn't
>>>> picking up the admin user from the existing 1.7.0 database.
>>>>
>>>>
>>>>
>>>> Ok. Now I've got further. I can start Keycloak 2.0.0 on a new database
>>>> by adding the admin user to the environment. It still doesn't work on my
>>>> old database.
>>>>
>>>>
>>>>
>>>> I get these errors indicating that it's trying to add the admin user
>>>> and failing as it already exists:
>>>>
>>>> keycloak_1 | 2016-08-17T17:24:10.666079599Z 17:24:10,665 INFO
>>>>  [org.keycloak.services] (ServerService Thread Pool -- 49) KC-SERVICES0006:
>>>> Importing users from '/opt/jboss/keycloak/standalon
>>>> e/configuration/keycloak-add-user.json'
>>>>
>>>> keycloak_1 | 2016-08-17T17:24:10.777277798Z 17:24:10,777 WARN
>>>>  [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (ServerService
>>>> Thread Pool -- 49) SQL Error: 1062, SQLState: 23000
>>>>
>>>> keycloak_1 | 2016-08-17T17:24:10.777402463Z 17:24:10,777 ERROR
>>>> [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (ServerService
>>>> Thread Pool -- 49) Duplicate entry 'master-admin' for key
>>>> 'UK_RU8TT6T700S9V50BU18WS5HA6'
>>>>
>>>> keycloak_1 | 2016-08-17T17:24:10.778545355Z 17:24:10,778 INFO  [
>>>> org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl]
>>>> (ServerService Thread Pool -- 49) HHH000010: On release of batch it still
>>>> contained JDBC statements
>>>>
>>>> keycloak_1 | 2016-08-17T17:24:10.784002565Z 17:24:10,783 ERROR
>>>> [org.keycloak.services] (ServerService Thread Pool -- 49) KC-SERVICES0010:
>>>> Failed to add user 'admin' to realm 'master': user with username exists
>>>>
>>>>
>>>>
>>>> Problem is that the admin login is now admin/admin which I set in the
>>>> environment vars, not the original admin user password from the old
>>>> installation. Once I'm in I see I have a completely empty database. I'm
>>>> confused,
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> *Kevin Thorpe*
>>>>
>>>> VP Enterprise Platform
>>>>
>>>> [image: http://i.imgur.com/8UeC1YO.png]
>>>>
>>>> www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
>>>>
>>>>
>>>> *T: **+44 (0)20 3005 6750* <%2B44%20%280%2920%203005%206750>*  | F: **+44(0)20
>>>> 7730 2635* <%2B44%280%2920%207730%202635>*  | T: **+44 (0)808 204 0344*
>>>> <%2B44%20%280%29808%20204%200344>
>>>> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>>>>
>>>> [image:
>>>> https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo_150.png]
>>>>      [image:
>>>> https://clients.p-i.net/documents/11003/1116416/ISO27001.logo_150.png]
>>>>      [image:
>>>> https://clients.p-i.net/documents/11003/1116416/QMS.logo_150.png]     [image:
>>>> https://clients.p-i.net/documents/11003/1116416/pci.logo_150.png]
>>>>
>>>>
>>>> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>>>>
>>>> ____________________________________________________________________
>>>>
>>>> This email and any files transmitted with it are confidential and
>>>> intended solely for the use of the individual or entity to whom they are
>>>> addressed. If you have received this email in error please notify the
>>>> system manager. This message contains confidential information and is
>>>> intended only for the individual named. If you are not the named addressee
>>>> you should not disseminate, distribute or copy this e-mail. Please notify
>>>> the sender immediately by e-mail if you have received this e-mail by
>>>> mistake and delete this e-mail from your system. If you are not the
>>>> intended recipient you are notified that disclosing, copying, distributing
>>>> or taking any action in reliance on the contents of this information is
>>>> strictly prohibited.
>>>>
>>>>
>>>>
>>>> On 17 August 2016 at 18:02, Jagannadha Rekala <jarekala at axway.com>
>>>> wrote:
>>>>
>>>> There needs to be an admin user created while Keycloak being started.
>>>> So, you need to pass the environment variables to the docker container.
>>>> Without passing the environment variables Keycloak will not have an admin
>>>> user unless you use the previous database of Keycloak that had admin user
>>>> already. Try adding these two variables in your compose file and let us
>>>> know.
>>>>
>>>>
>>>>
>>>>     - KEYCLOAK_USER=admin
>>>>
>>>>     - KEYCLOAK_PASSWORD=password-here
>>>>
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Jagan Rekala
>>>>
>>>>
>>>>
>>>> *From:* keycloak-user-bounces at lists.jboss.org [mailto:
>>>> keycloak-user-bounces at lists.jboss.org] *On Behalf Of *Kevin Thorpe
>>>> *Sent:* Wednesday, August 17, 2016 9:48 AM
>>>> *To:* keycloak-user <keycloak-user at lists.jboss.org>
>>>> *Subject:* [keycloak-user] Cannot log in as admin when using docker
>>>> image 2.0.0 mysql
>>>>
>>>>
>>>>
>>>> I'm trying to use Keycloak 2.0.0 from the docker image using mysql and
>>>> I can't log in once running. It all starts up ok and it creates the initial
>>>> schema ok. When I try to log in to the admion console it can't find the
>>>> admin user. What am I doing wrong? I thought it was my modifications to the
>>>> image to add https that were wrong but it doesn't work from the published
>>>> image anyway.
>>>>
>>>>
>>>>
>>>> lots snipped....
>>>>
>>>> keycloak_1 | 2016-08-17T16:39:58.280453387Z 16:39:58,280 INFO  [
>>>> org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak
>>>> 2.0.0.Final (WildFly Core 2.0.10.Final) started in 29551ms - Started 418 of
>>>> 800 services (542 services are lazy, passive or on-demand)
>>>>
>>>> keycloak_1 | 2016-08-17T16:40:16.238260785Z 16:40:16,237 WARN
>>>>  [org.keycloak.events] (default task-7) type=LOGIN_ERROR, realmId=master,
>>>> clientId=security-admin-console, userId=null, ipAddress=10.20.11.52,
>>>> error=user_not_found, auth_method=openid-connect, auth_type=code,
>>>> redirect_uri=http://10.20.13.236:8080/auth/admin/master/console/,
>>>> code_id=2bde62ed-9b9f-4620-b07f-39d4a282098c, username=admin
>>>>
>>>>
>>>>
>>>> docker-compose.yml is:
>>>>
>>>> keycloak:
>>>>
>>>>   image: jboss/keycloak-mysql:2.0.0.Final
>>>>
>>>> #  image: docker.pibenchmark.com/pi-keycloak:2.0.0-01
>>>>
>>>>   environment:
>>>>
>>>>     MYSQL_PORT_3306_TCP_ADDR: mysql
>>>>
>>>>     MYSQL_PORT_3306_TCP_PORT: 3306
>>>>
>>>>     MYSQL_USERNAME: keycloak
>>>>
>>>>     MYSQL_PASSWORD: xxxxxx
>>>>
>>>>   ports:
>>>>
>>>>     - "8443:8443/tcp"
>>>>
>>>>     - "8080:8080/tcp"
>>>>
>>>>   links:
>>>>
>>>>     - keycloak-db:mysql
>>>>
>>>> #  tty: true
>>>>
>>>> #  stdin_open: true
>>>>
>>>>
>>>>
>>>> keycloak-db:
>>>>
>>>>   environment:
>>>>
>>>>     MYSQL_ROOT_PASSWORD: yyyyyy
>>>>
>>>>     MYSQL_DATABASE: keycloak
>>>>
>>>>     MYSQL_USER: keycloak
>>>>
>>>>     MYSQL_PASSWORD: xxxxxx
>>>>
>>>>   image: mysql/mysql-server:5.6
>>>>
>>>>   volumes:
>>>>
>>>>   - keycloak-test-db:/var/lib/mysql
>>>>
>>>>   volume_driver: convoy
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> *Kevin Thorpe*
>>>>
>>>> VP Enterprise Platform
>>>>
>>>> [image: http://i.imgur.com/8UeC1YO.png]
>>>>
>>>> www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
>>>>
>>>>
>>>> *T: **+44 (0)20 3005 6750* <%2B44%20%280%2920%203005%206750>*  | F: **+44(0)20
>>>> 7730 2635* <%2B44%280%2920%207730%202635>*  | T: **+44 (0)808 204 0344*
>>>> <%2B44%20%280%29808%20204%200344>
>>>> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>>>>
>>>> [image:
>>>> https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo_150.png]
>>>>      [image:
>>>> https://clients.p-i.net/documents/11003/1116416/ISO27001.logo_150.png]
>>>>      [image:
>>>> https://clients.p-i.net/documents/11003/1116416/QMS.logo_150.png]     [image:
>>>> https://clients.p-i.net/documents/11003/1116416/pci.logo_150.png]
>>>>
>>>>
>>>> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>>>>
>>>> ____________________________________________________________________
>>>>
>>>> This email and any files transmitted with it are confidential and
>>>> intended solely for the use of the individual or entity to whom they are
>>>> addressed. If you have received this email in error please notify the
>>>> system manager. This message contains confidential information and is
>>>> intended only for the individual named. If you are not the named addressee
>>>> you should not disseminate, distribute or copy this e-mail. Please notify
>>>> the sender immediately by e-mail if you have received this e-mail by
>>>> mistake and delete this e-mail from your system. If you are not the
>>>> intended recipient you are notified that disclosing, copying, distributing
>>>> or taking any action in reliance on the contents of this information is
>>>> strictly prohibited.
>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160818/cc2e3dc2/attachment-0001.html 


More information about the keycloak-user mailing list