[keycloak-user] Cannot log in as admin when using docker image 2.0.0 mysql

Kevin Thorpe kevin.thorpe at p-i.net
Thu Aug 18 06:43:10 EDT 2016


Thanks for that Stian. I did manage to find that on the 'net.

Thank you for all your help but it turned out it wasn't Keycloak causing
the issue at all. The problem was with the mysql container and migrating a
database in. A combination of permissions differences and the way the mysql
image detects an existing database meant it was creating a new one. This
wasn't obvious until I picked the mysql image apart and built my own.

Sorry to use up part of your valuable time.



*Kevin Thorpe*
VP Enterprise Platform

www.p-i.net | @PI_150 <https://twitter.com/@PI_150>

*T: +44 (0)20 3005 6750 <%2B44%20%280%2920%203005%206750>  | F: +44(0)20
7730 2635 <%2B44%280%2920%207730%202635>  | T: +44 (0)808 204 0344
<%2B44%20%280%29808%20204%200344> *
*150 Buckingham Palace Road, London, SW1W 9TR, UK*



*SAVE PAPER - THINK BEFORE YOU PRINT!*

____________________________________________________________________

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and
delete this e-mail from your system. If you are not the intended recipient
you are notified that disclosing, copying, distributing or taking any
action in reliance on the contents of this information is strictly
prohibited.

On 18 August 2016 at 11:26, Stian Thorgersen <sthorger at redhat.com> wrote:

> Take a look at instructions from the root image:
>
> https://hub.docker.com/r/jboss/keycloak/
>
> You should be able to enable debug logging with:
>
> "-e KEYCLOAK_LOGLEVEL=DEBUG"
>
> On 18 August 2016 at 11:38, Kevin Thorpe <kevin.thorpe at p-i.net> wrote:
>
>> I'm not sure how to do that. I'm using their pre-built Docker image and I
>> also am definitely not a Java programmer.
>>
>>
>> *Kevin Thorpe*
>> VP Enterprise Platform
>>
>> www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
>>
>> *T: +44 (0)20 3005 6750 <%2B44%20%280%2920%203005%206750>  | F: +44(0)20
>> 7730 2635 <%2B44%280%2920%207730%202635>  | T: +44 (0)808 204 0344
>> <%2B44%20%280%29808%20204%200344> *
>> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>>
>>
>>
>> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>>
>> ____________________________________________________________________
>>
>> This email and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity to whom they are
>> addressed. If you have received this email in error please notify the
>> system manager. This message contains confidential information and is
>> intended only for the individual named. If you are not the named addressee
>> you should not disseminate, distribute or copy this e-mail. Please notify
>> the sender immediately by e-mail if you have received this e-mail by
>> mistake and delete this e-mail from your system. If you are not the
>> intended recipient you are notified that disclosing, copying, distributing
>> or taking any action in reliance on the contents of this information is
>> strictly prohibited.
>>
>> On 18 August 2016 at 05:14, Stian Thorgersen <sthorger at redhat.com> wrote:
>>
>>> Strange one - do you have a debug log available from first time starting
>>> the 2.0 image? The migration logs may shed some light on what's happened.
>>>
>>> On 17 August 2016 at 22:29, Kevin Thorpe <kevin.thorpe at p-i.net> wrote:
>>>
>>>> Yes I understand why the warnings about adding the admin user. That
>>>> actually makes me comfortable that it is connecting to the mysql database
>>>> correctly.
>>>>
>>>> What is odd is the subsequent empty config. The mysql database is still
>>>> fully populated. So it looks horribly like it's not using the mysql db at
>>>> all.
>>>>
>>>> On 17 Aug 2016 20:53, "Jagannadha Rekala" <jarekala at axway.com> wrote:
>>>>
>>>>> Kevin,
>>>>>
>>>>>
>>>>>
>>>>> Since the admin user already exists in the older database it cannot
>>>>> create the same user. You can take export of the older database from a
>>>>> standalone (not dockered) Keycloak version 1.7.0. This will export into a
>>>>> json file and you can verify whether that export has all the data that you
>>>>> wanted. Then you can import the same into the Keycloak 2.0.0 that is
>>>>> started in the newer database. This is just a work-around to see whether
>>>>> data still persists but not sure what caused the data being deleted from
>>>>> the database of 1.7.0.
>>>>>
>>>>>
>>>>>
>>>>> You can refer the following link for export and import
>>>>>
>>>>>
>>>>>
>>>>> https://access.redhat.com/documentation/en/red-hat-single-si
>>>>> gn-on/7.0/paged/server-administration-guide/chapter-16-expor
>>>>> t-and-import
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Jagan Rekala
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *From:* Kevin Thorpe [mailto:kevin.thorpe at p-i.net]
>>>>> *Sent:* Wednesday, August 17, 2016 10:29 AM
>>>>> *To:* Jagannadha Rekala <jarekala at axway.com>
>>>>> *Cc:* keycloak-user <keycloak-user at lists.jboss.org>
>>>>> *Subject:* Re: [keycloak-user] Cannot log in as admin when using
>>>>> docker image 2.0.0 mysql
>>>>>
>>>>>
>>>>>
>>>>> Ah, ok I'll try that. The original issue though was that it wasn't
>>>>> picking up the admin user from the existing 1.7.0 database.
>>>>>
>>>>>
>>>>>
>>>>> Ok. Now I've got further. I can start Keycloak 2.0.0 on a new database
>>>>> by adding the admin user to the environment. It still doesn't work on my
>>>>> old database.
>>>>>
>>>>>
>>>>>
>>>>> I get these errors indicating that it's trying to add the admin user
>>>>> and failing as it already exists:
>>>>>
>>>>> keycloak_1 | 2016-08-17T17:24:10.666079599Z 17:24:10,665 INFO
>>>>>  [org.keycloak.services] (ServerService Thread Pool -- 49) KC-SERVICES0006:
>>>>> Importing users from '/opt/jboss/keycloak/standalon
>>>>> e/configuration/keycloak-add-user.json'
>>>>>
>>>>> keycloak_1 | 2016-08-17T17:24:10.777277798Z 17:24:10,777 WARN
>>>>>  [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (ServerService
>>>>> Thread Pool -- 49) SQL Error: 1062, SQLState: 23000
>>>>>
>>>>> keycloak_1 | 2016-08-17T17:24:10.777402463Z 17:24:10,777 ERROR
>>>>> [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (ServerService
>>>>> Thread Pool -- 49) Duplicate entry 'master-admin' for key
>>>>> 'UK_RU8TT6T700S9V50BU18WS5HA6'
>>>>>
>>>>> keycloak_1 | 2016-08-17T17:24:10.778545355Z 17:24:10,778 INFO  [
>>>>> org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl]
>>>>> (ServerService Thread Pool -- 49) HHH000010: On release of batch it still
>>>>> contained JDBC statements
>>>>>
>>>>> keycloak_1 | 2016-08-17T17:24:10.784002565Z 17:24:10,783 ERROR
>>>>> [org.keycloak.services] (ServerService Thread Pool -- 49) KC-SERVICES0010:
>>>>> Failed to add user 'admin' to realm 'master': user with username exists
>>>>>
>>>>>
>>>>>
>>>>> Problem is that the admin login is now admin/admin which I set in the
>>>>> environment vars, not the original admin user password from the old
>>>>> installation. Once I'm in I see I have a completely empty database. I'm
>>>>> confused,
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *Kevin Thorpe*
>>>>>
>>>>> VP Enterprise Platform
>>>>>
>>>>> [image: http://i.imgur.com/8UeC1YO.png]
>>>>>
>>>>> www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
>>>>>
>>>>>
>>>>> *T: **+44 (0)20 3005 6750* <%2B44%20%280%2920%203005%206750>*  | F: **+44(0)20
>>>>> 7730 2635* <%2B44%280%2920%207730%202635>*  | T: **+44 (0)808 204
>>>>> 0344* <%2B44%20%280%29808%20204%200344>
>>>>> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>>>>>
>>>>> [image:
>>>>> https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo_150.png]
>>>>>      [image:
>>>>> https://clients.p-i.net/documents/11003/1116416/ISO27001.logo_150.png]
>>>>>      [image:
>>>>> https://clients.p-i.net/documents/11003/1116416/QMS.logo_150.png]     [image:
>>>>> https://clients.p-i.net/documents/11003/1116416/pci.logo_150.png]
>>>>>
>>>>>
>>>>> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>>>>>
>>>>> ____________________________________________________________________
>>>>>
>>>>> This email and any files transmitted with it are confidential and
>>>>> intended solely for the use of the individual or entity to whom they are
>>>>> addressed. If you have received this email in error please notify the
>>>>> system manager. This message contains confidential information and is
>>>>> intended only for the individual named. If you are not the named addressee
>>>>> you should not disseminate, distribute or copy this e-mail. Please notify
>>>>> the sender immediately by e-mail if you have received this e-mail by
>>>>> mistake and delete this e-mail from your system. If you are not the
>>>>> intended recipient you are notified that disclosing, copying, distributing
>>>>> or taking any action in reliance on the contents of this information is
>>>>> strictly prohibited.
>>>>>
>>>>>
>>>>>
>>>>> On 17 August 2016 at 18:02, Jagannadha Rekala <jarekala at axway.com>
>>>>> wrote:
>>>>>
>>>>> There needs to be an admin user created while Keycloak being started.
>>>>> So, you need to pass the environment variables to the docker container.
>>>>> Without passing the environment variables Keycloak will not have an admin
>>>>> user unless you use the previous database of Keycloak that had admin user
>>>>> already. Try adding these two variables in your compose file and let us
>>>>> know.
>>>>>
>>>>>
>>>>>
>>>>>     - KEYCLOAK_USER=admin
>>>>>
>>>>>     - KEYCLOAK_PASSWORD=password-here
>>>>>
>>>>>
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Jagan Rekala
>>>>>
>>>>>
>>>>>
>>>>> *From:* keycloak-user-bounces at lists.jboss.org [mailto:
>>>>> keycloak-user-bounces at lists.jboss.org] *On Behalf Of *Kevin Thorpe
>>>>> *Sent:* Wednesday, August 17, 2016 9:48 AM
>>>>> *To:* keycloak-user <keycloak-user at lists.jboss.org>
>>>>> *Subject:* [keycloak-user] Cannot log in as admin when using docker
>>>>> image 2.0.0 mysql
>>>>>
>>>>>
>>>>>
>>>>> I'm trying to use Keycloak 2.0.0 from the docker image using mysql and
>>>>> I can't log in once running. It all starts up ok and it creates the initial
>>>>> schema ok. When I try to log in to the admion console it can't find the
>>>>> admin user. What am I doing wrong? I thought it was my modifications to the
>>>>> image to add https that were wrong but it doesn't work from the published
>>>>> image anyway.
>>>>>
>>>>>
>>>>>
>>>>> lots snipped....
>>>>>
>>>>> keycloak_1 | 2016-08-17T16:39:58.280453387Z 16:39:58,280 INFO  [
>>>>> org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak
>>>>> 2.0.0.Final (WildFly Core 2.0.10.Final) started in 29551ms - Started 418 of
>>>>> 800 services (542 services are lazy, passive or on-demand)
>>>>>
>>>>> keycloak_1 | 2016-08-17T16:40:16.238260785Z 16:40:16,237 WARN
>>>>>  [org.keycloak.events] (default task-7) type=LOGIN_ERROR, realmId=master,
>>>>> clientId=security-admin-console, userId=null, ipAddress=10.20.11.52,
>>>>> error=user_not_found, auth_method=openid-connect, auth_type=code,
>>>>> redirect_uri=http://10.20.13.236:8080/auth/admin/master/console/,
>>>>> code_id=2bde62ed-9b9f-4620-b07f-39d4a282098c, username=admin
>>>>>
>>>>>
>>>>>
>>>>> docker-compose.yml is:
>>>>>
>>>>> keycloak:
>>>>>
>>>>>   image: jboss/keycloak-mysql:2.0.0.Final
>>>>>
>>>>> #  image: docker.pibenchmark.com/pi-keycloak:2.0.0-01
>>>>>
>>>>>   environment:
>>>>>
>>>>>     MYSQL_PORT_3306_TCP_ADDR: mysql
>>>>>
>>>>>     MYSQL_PORT_3306_TCP_PORT: 3306
>>>>>
>>>>>     MYSQL_USERNAME: keycloak
>>>>>
>>>>>     MYSQL_PASSWORD: xxxxxx
>>>>>
>>>>>   ports:
>>>>>
>>>>>     - "8443:8443/tcp"
>>>>>
>>>>>     - "8080:8080/tcp"
>>>>>
>>>>>   links:
>>>>>
>>>>>     - keycloak-db:mysql
>>>>>
>>>>> #  tty: true
>>>>>
>>>>> #  stdin_open: true
>>>>>
>>>>>
>>>>>
>>>>> keycloak-db:
>>>>>
>>>>>   environment:
>>>>>
>>>>>     MYSQL_ROOT_PASSWORD: yyyyyy
>>>>>
>>>>>     MYSQL_DATABASE: keycloak
>>>>>
>>>>>     MYSQL_USER: keycloak
>>>>>
>>>>>     MYSQL_PASSWORD: xxxxxx
>>>>>
>>>>>   image: mysql/mysql-server:5.6
>>>>>
>>>>>   volumes:
>>>>>
>>>>>   - keycloak-test-db:/var/lib/mysql
>>>>>
>>>>>   volume_driver: convoy
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *Kevin Thorpe*
>>>>>
>>>>> VP Enterprise Platform
>>>>>
>>>>> [image: http://i.imgur.com/8UeC1YO.png]
>>>>>
>>>>> www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
>>>>>
>>>>>
>>>>> *T: **+44 (0)20 3005 6750* <%2B44%20%280%2920%203005%206750>*  | F: **+44(0)20
>>>>> 7730 2635* <%2B44%280%2920%207730%202635>*  | T: **+44 (0)808 204
>>>>> 0344* <%2B44%20%280%29808%20204%200344>
>>>>> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>>>>>
>>>>> [image:
>>>>> https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo_150.png]
>>>>>      [image:
>>>>> https://clients.p-i.net/documents/11003/1116416/ISO27001.logo_150.png]
>>>>>      [image:
>>>>> https://clients.p-i.net/documents/11003/1116416/QMS.logo_150.png]     [image:
>>>>> https://clients.p-i.net/documents/11003/1116416/pci.logo_150.png]
>>>>>
>>>>>
>>>>> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>>>>>
>>>>> ____________________________________________________________________
>>>>>
>>>>> This email and any files transmitted with it are confidential and
>>>>> intended solely for the use of the individual or entity to whom they are
>>>>> addressed. If you have received this email in error please notify the
>>>>> system manager. This message contains confidential information and is
>>>>> intended only for the individual named. If you are not the named addressee
>>>>> you should not disseminate, distribute or copy this e-mail. Please notify
>>>>> the sender immediately by e-mail if you have received this e-mail by
>>>>> mistake and delete this e-mail from your system. If you are not the
>>>>> intended recipient you are notified that disclosing, copying, distributing
>>>>> or taking any action in reliance on the contents of this information is
>>>>> strictly prohibited.
>>>>>
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160818/2654bece/attachment-0001.html 


More information about the keycloak-user mailing list