[keycloak-user] Cannot log in as admin when using docker image 2.0.0 mysql
Stian Thorgersen
sthorger at redhat.com
Thu Aug 18 08:52:35 EDT 2016
Np, pleased it's sorted :)
On 18 August 2016 at 12:43, Kevin Thorpe <kevin.thorpe at p-i.net> wrote:
> Thanks for that Stian. I did manage to find that on the 'net.
>
> Thank you for all your help but it turned out it wasn't Keycloak causing
> the issue at all. The problem was with the mysql container and migrating a
> database in. A combination of permissions differences and the way the mysql
> image detects an existing database meant it was creating a new one. This
> wasn't obvious until I picked the mysql image apart and built my own.
>
> Sorry to use up part of your valuable time.
>
>
>
> *Kevin Thorpe*
> VP Enterprise Platform
>
> www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
>
> *T: +44 (0)20 3005 6750 <%2B44%20%280%2920%203005%206750> | F: +44(0)20
> 7730 2635 <%2B44%280%2920%207730%202635> | T: +44 (0)808 204 0344
> <%2B44%20%280%29808%20204%200344> *
> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>
>
>
> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>
> ____________________________________________________________________
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> This message contains confidential information and is intended only for the
> individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and
> delete this e-mail from your system. If you are not the intended recipient
> you are notified that disclosing, copying, distributing or taking any
> action in reliance on the contents of this information is strictly
> prohibited.
>
> On 18 August 2016 at 11:26, Stian Thorgersen <sthorger at redhat.com> wrote:
>
>> Take a look at instructions from the root image:
>>
>> https://hub.docker.com/r/jboss/keycloak/
>>
>> You should be able to enable debug logging with:
>>
>> "-e KEYCLOAK_LOGLEVEL=DEBUG"
>>
>> On 18 August 2016 at 11:38, Kevin Thorpe <kevin.thorpe at p-i.net> wrote:
>>
>>> I'm not sure how to do that. I'm using their pre-built Docker image and
>>> I also am definitely not a Java programmer.
>>>
>>>
>>> *Kevin Thorpe*
>>> VP Enterprise Platform
>>>
>>> www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
>>>
>>> *T: +44 (0)20 3005 6750 <%2B44%20%280%2920%203005%206750> | F: +44(0)20
>>> 7730 2635 <%2B44%280%2920%207730%202635> | T: +44 (0)808 204 0344
>>> <%2B44%20%280%29808%20204%200344> *
>>> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>>>
>>>
>>>
>>> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>>>
>>> ____________________________________________________________________
>>>
>>> This email and any files transmitted with it are confidential and
>>> intended solely for the use of the individual or entity to whom they are
>>> addressed. If you have received this email in error please notify the
>>> system manager. This message contains confidential information and is
>>> intended only for the individual named. If you are not the named addressee
>>> you should not disseminate, distribute or copy this e-mail. Please notify
>>> the sender immediately by e-mail if you have received this e-mail by
>>> mistake and delete this e-mail from your system. If you are not the
>>> intended recipient you are notified that disclosing, copying, distributing
>>> or taking any action in reliance on the contents of this information is
>>> strictly prohibited.
>>>
>>> On 18 August 2016 at 05:14, Stian Thorgersen <sthorger at redhat.com>
>>> wrote:
>>>
>>>> Strange one - do you have a debug log available from first time
>>>> starting the 2.0 image? The migration logs may shed some light on what's
>>>> happened.
>>>>
>>>> On 17 August 2016 at 22:29, Kevin Thorpe <kevin.thorpe at p-i.net> wrote:
>>>>
>>>>> Yes I understand why the warnings about adding the admin user. That
>>>>> actually makes me comfortable that it is connecting to the mysql database
>>>>> correctly.
>>>>>
>>>>> What is odd is the subsequent empty config. The mysql database is
>>>>> still fully populated. So it looks horribly like it's not using the mysql
>>>>> db at all.
>>>>>
>>>>> On 17 Aug 2016 20:53, "Jagannadha Rekala" <jarekala at axway.com> wrote:
>>>>>
>>>>>> Kevin,
>>>>>>
>>>>>>
>>>>>>
>>>>>> Since the admin user already exists in the older database it cannot
>>>>>> create the same user. You can take export of the older database from a
>>>>>> standalone (not dockered) Keycloak version 1.7.0. This will export into a
>>>>>> json file and you can verify whether that export has all the data that you
>>>>>> wanted. Then you can import the same into the Keycloak 2.0.0 that is
>>>>>> started in the newer database. This is just a work-around to see whether
>>>>>> data still persists but not sure what caused the data being deleted from
>>>>>> the database of 1.7.0.
>>>>>>
>>>>>>
>>>>>>
>>>>>> You can refer the following link for export and import
>>>>>>
>>>>>>
>>>>>>
>>>>>> https://access.redhat.com/documentation/en/red-hat-single-si
>>>>>> gn-on/7.0/paged/server-administration-guide/chapter-16-expor
>>>>>> t-and-import
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Jagan Rekala
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:* Kevin Thorpe [mailto:kevin.thorpe at p-i.net]
>>>>>> *Sent:* Wednesday, August 17, 2016 10:29 AM
>>>>>> *To:* Jagannadha Rekala <jarekala at axway.com>
>>>>>> *Cc:* keycloak-user <keycloak-user at lists.jboss.org>
>>>>>> *Subject:* Re: [keycloak-user] Cannot log in as admin when using
>>>>>> docker image 2.0.0 mysql
>>>>>>
>>>>>>
>>>>>>
>>>>>> Ah, ok I'll try that. The original issue though was that it wasn't
>>>>>> picking up the admin user from the existing 1.7.0 database.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Ok. Now I've got further. I can start Keycloak 2.0.0 on a new
>>>>>> database by adding the admin user to the environment. It still doesn't work
>>>>>> on my old database.
>>>>>>
>>>>>>
>>>>>>
>>>>>> I get these errors indicating that it's trying to add the admin user
>>>>>> and failing as it already exists:
>>>>>>
>>>>>> keycloak_1 | 2016-08-17T17:24:10.666079599Z 17:24:10,665 INFO
>>>>>> [org.keycloak.services] (ServerService Thread Pool -- 49) KC-SERVICES0006:
>>>>>> Importing users from '/opt/jboss/keycloak/standalon
>>>>>> e/configuration/keycloak-add-user.json'
>>>>>>
>>>>>> keycloak_1 | 2016-08-17T17:24:10.777277798Z 17:24:10,777 WARN
>>>>>> [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (ServerService
>>>>>> Thread Pool -- 49) SQL Error: 1062, SQLState: 23000
>>>>>>
>>>>>> keycloak_1 | 2016-08-17T17:24:10.777402463Z 17:24:10,777 ERROR
>>>>>> [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (ServerService
>>>>>> Thread Pool -- 49) Duplicate entry 'master-admin' for key
>>>>>> 'UK_RU8TT6T700S9V50BU18WS5HA6'
>>>>>>
>>>>>> keycloak_1 | 2016-08-17T17:24:10.778545355Z 17:24:10,778 INFO [
>>>>>> org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl]
>>>>>> (ServerService Thread Pool -- 49) HHH000010: On release of batch it still
>>>>>> contained JDBC statements
>>>>>>
>>>>>> keycloak_1 | 2016-08-17T17:24:10.784002565Z 17:24:10,783 ERROR
>>>>>> [org.keycloak.services] (ServerService Thread Pool -- 49) KC-SERVICES0010:
>>>>>> Failed to add user 'admin' to realm 'master': user with username exists
>>>>>>
>>>>>>
>>>>>>
>>>>>> Problem is that the admin login is now admin/admin which I set in the
>>>>>> environment vars, not the original admin user password from the old
>>>>>> installation. Once I'm in I see I have a completely empty database. I'm
>>>>>> confused,
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> *Kevin Thorpe*
>>>>>>
>>>>>> VP Enterprise Platform
>>>>>>
>>>>>> [image: http://i.imgur.com/8UeC1YO.png]
>>>>>>
>>>>>> www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
>>>>>>
>>>>>>
>>>>>> *T: **+44 (0)20 3005 6750* <%2B44%20%280%2920%203005%206750>* | F: **+44(0)20
>>>>>> 7730 2635* <%2B44%280%2920%207730%202635>* | T: **+44 (0)808 204
>>>>>> 0344* <%2B44%20%280%29808%20204%200344>
>>>>>> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>>>>>>
>>>>>> [image:
>>>>>> https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo_150.png]
>>>>>> [image:
>>>>>> https://clients.p-i.net/documents/11003/1116416/ISO27001.logo_150.png]
>>>>>> [image:
>>>>>> https://clients.p-i.net/documents/11003/1116416/QMS.logo_150.png]
>>>>>> [image:
>>>>>> https://clients.p-i.net/documents/11003/1116416/pci.logo_150.png]
>>>>>>
>>>>>>
>>>>>> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>>>>>>
>>>>>> ____________________________________________________________________
>>>>>>
>>>>>> This email and any files transmitted with it are confidential and
>>>>>> intended solely for the use of the individual or entity to whom they are
>>>>>> addressed. If you have received this email in error please notify the
>>>>>> system manager. This message contains confidential information and is
>>>>>> intended only for the individual named. If you are not the named addressee
>>>>>> you should not disseminate, distribute or copy this e-mail. Please notify
>>>>>> the sender immediately by e-mail if you have received this e-mail by
>>>>>> mistake and delete this e-mail from your system. If you are not the
>>>>>> intended recipient you are notified that disclosing, copying, distributing
>>>>>> or taking any action in reliance on the contents of this information is
>>>>>> strictly prohibited.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 17 August 2016 at 18:02, Jagannadha Rekala <jarekala at axway.com>
>>>>>> wrote:
>>>>>>
>>>>>> There needs to be an admin user created while Keycloak being started.
>>>>>> So, you need to pass the environment variables to the docker container.
>>>>>> Without passing the environment variables Keycloak will not have an admin
>>>>>> user unless you use the previous database of Keycloak that had admin user
>>>>>> already. Try adding these two variables in your compose file and let us
>>>>>> know.
>>>>>>
>>>>>>
>>>>>>
>>>>>> - KEYCLOAK_USER=admin
>>>>>>
>>>>>> - KEYCLOAK_PASSWORD=password-here
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Jagan Rekala
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:* keycloak-user-bounces at lists.jboss.org [mailto:
>>>>>> keycloak-user-bounces at lists.jboss.org] *On Behalf Of *Kevin Thorpe
>>>>>> *Sent:* Wednesday, August 17, 2016 9:48 AM
>>>>>> *To:* keycloak-user <keycloak-user at lists.jboss.org>
>>>>>> *Subject:* [keycloak-user] Cannot log in as admin when using docker
>>>>>> image 2.0.0 mysql
>>>>>>
>>>>>>
>>>>>>
>>>>>> I'm trying to use Keycloak 2.0.0 from the docker image using mysql
>>>>>> and I can't log in once running. It all starts up ok and it creates the
>>>>>> initial schema ok. When I try to log in to the admion console it can't find
>>>>>> the admin user. What am I doing wrong? I thought it was my modifications to
>>>>>> the image to add https that were wrong but it doesn't work from the
>>>>>> published image anyway.
>>>>>>
>>>>>>
>>>>>>
>>>>>> lots snipped....
>>>>>>
>>>>>> keycloak_1 | 2016-08-17T16:39:58.280453387Z 16:39:58,280 INFO [
>>>>>> org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak
>>>>>> 2.0.0.Final (WildFly Core 2.0.10.Final) started in 29551ms - Started 418 of
>>>>>> 800 services (542 services are lazy, passive or on-demand)
>>>>>>
>>>>>> keycloak_1 | 2016-08-17T16:40:16.238260785Z 16:40:16,237 WARN
>>>>>> [org.keycloak.events] (default task-7) type=LOGIN_ERROR, realmId=master,
>>>>>> clientId=security-admin-console, userId=null, ipAddress=10.20.11.52,
>>>>>> error=user_not_found, auth_method=openid-connect, auth_type=code,
>>>>>> redirect_uri=http://10.20.13.236:8080/auth/admin/master/console/,
>>>>>> code_id=2bde62ed-9b9f-4620-b07f-39d4a282098c, username=admin
>>>>>>
>>>>>>
>>>>>>
>>>>>> docker-compose.yml is:
>>>>>>
>>>>>> keycloak:
>>>>>>
>>>>>> image: jboss/keycloak-mysql:2.0.0.Final
>>>>>>
>>>>>> # image: docker.pibenchmark.com/pi-keycloak:2.0.0-01
>>>>>>
>>>>>> environment:
>>>>>>
>>>>>> MYSQL_PORT_3306_TCP_ADDR: mysql
>>>>>>
>>>>>> MYSQL_PORT_3306_TCP_PORT: 3306
>>>>>>
>>>>>> MYSQL_USERNAME: keycloak
>>>>>>
>>>>>> MYSQL_PASSWORD: xxxxxx
>>>>>>
>>>>>> ports:
>>>>>>
>>>>>> - "8443:8443/tcp"
>>>>>>
>>>>>> - "8080:8080/tcp"
>>>>>>
>>>>>> links:
>>>>>>
>>>>>> - keycloak-db:mysql
>>>>>>
>>>>>> # tty: true
>>>>>>
>>>>>> # stdin_open: true
>>>>>>
>>>>>>
>>>>>>
>>>>>> keycloak-db:
>>>>>>
>>>>>> environment:
>>>>>>
>>>>>> MYSQL_ROOT_PASSWORD: yyyyyy
>>>>>>
>>>>>> MYSQL_DATABASE: keycloak
>>>>>>
>>>>>> MYSQL_USER: keycloak
>>>>>>
>>>>>> MYSQL_PASSWORD: xxxxxx
>>>>>>
>>>>>> image: mysql/mysql-server:5.6
>>>>>>
>>>>>> volumes:
>>>>>>
>>>>>> - keycloak-test-db:/var/lib/mysql
>>>>>>
>>>>>> volume_driver: convoy
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> *Kevin Thorpe*
>>>>>>
>>>>>> VP Enterprise Platform
>>>>>>
>>>>>> [image: http://i.imgur.com/8UeC1YO.png]
>>>>>>
>>>>>> www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
>>>>>>
>>>>>>
>>>>>> *T: **+44 (0)20 3005 6750* <%2B44%20%280%2920%203005%206750>* | F: **+44(0)20
>>>>>> 7730 2635* <%2B44%280%2920%207730%202635>* | T: **+44 (0)808 204
>>>>>> 0344* <%2B44%20%280%29808%20204%200344>
>>>>>> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>>>>>>
>>>>>> [image:
>>>>>> https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo_150.png]
>>>>>> [image:
>>>>>> https://clients.p-i.net/documents/11003/1116416/ISO27001.logo_150.png]
>>>>>> [image:
>>>>>> https://clients.p-i.net/documents/11003/1116416/QMS.logo_150.png]
>>>>>> [image:
>>>>>> https://clients.p-i.net/documents/11003/1116416/pci.logo_150.png]
>>>>>>
>>>>>>
>>>>>> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>>>>>>
>>>>>> ____________________________________________________________________
>>>>>>
>>>>>> This email and any files transmitted with it are confidential and
>>>>>> intended solely for the use of the individual or entity to whom they are
>>>>>> addressed. If you have received this email in error please notify the
>>>>>> system manager. This message contains confidential information and is
>>>>>> intended only for the individual named. If you are not the named addressee
>>>>>> you should not disseminate, distribute or copy this e-mail. Please notify
>>>>>> the sender immediately by e-mail if you have received this e-mail by
>>>>>> mistake and delete this e-mail from your system. If you are not the
>>>>>> intended recipient you are notified that disclosing, copying, distributing
>>>>>> or taking any action in reliance on the contents of this information is
>>>>>> strictly prohibited.
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160818/d62360ae/attachment-0001.html
More information about the keycloak-user
mailing list