[keycloak-user] Not able to create administrative User in Domain Clustered Mode

Frank, Hans, 22F Hans.Frank at bamf.bund.de
Tue Dec 3 03:29:47 EST 2019


Hi again,

Already found the solution: You have to copy keycloak-add-user.json to the
node configuration directory:

cp domain/configuration/keycloak-add-user.json domain/servers/server-one/configuration

My interpretation of the documentation is that it should load the
keycloak-add-user.json from the domain configuration directory when starting
keycloak in Domain Clustered Mode.

Now after copying the file to the server-one configuration directory there
is also a message while starting up regarding importing the user account:

[Server:server-one] 09:22:45,025 INFO  [org.keycloak.services] (ServerService Thread Pool -- 62) KC-SERVICES0006: Importing users from '/opt/kc0/keycloak-8.0.1/domain/servers/server-one/configuration/keycloak-add-user.json'
[Server:server-one] 09:22:45,427 INFO  [org.keycloak.services] (ServerService Thread Pool -- 62) KC-SERVICES0009: Added user 'admin' to realm 'master'

Is this the correct initial setup process?

Regards,
Hans

-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org
[mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Frank, Hans,
22F
Sent: Tuesday, 3 December 2019 08:59
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] Not able to create administrative User in Domain
Clustered Mode

Hi all,

I am trying to configure Keycloak in Domain Clustered Mode. I was already
able to create a little bit more advanced configuration (with external
database and loadbalancer and so on) in standalone clustered mode and I am
trying to transfer this configuration to domain clustered mode. But I am not
able to create the initial admin account in domain clustered mode, so I
tried to narrow the problem down by leaving everything on default and just
trying to create that account.

So the basic setup is:
- Download and unzip keycloak-8.0.1.zip
- Start master (including loadbalancer): ./bin/domain.sh --host-config=host-master.xml

(basically the "Clustered Domain Example" from the documentation without the
slave node instance.)

When accessing keycloak (locally) I get the message "You need local access
to create the initial admin user. Open http://localhost:8080/auth or use the
add-user-keycloak script."

When I open http://localhost:8080/auth I get the exact same message. When I
open http://localhost:8080/auth/admin, I get a login form.

So I tried to use the script add-user-keycloak.sh:
./bin/add-user-keycloak.sh -r master -u admin -p Test --domain --dc $KH/keycloak-8.0.1/domain/configuration/
Added 'admin' to '/opt/kc0/keycloak-8.0.1/domain/configuration/keycloak-add-user.json', restart server to load user

... and then restarted the server. But I still get the message "You need
local access ...." and when trying to login directly via .../auth/admin I
get "Invalid username or password.". Log output:


[Server:server-one] 08:52:10,560 WARN  [org.keycloak.events] (default task-2) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=127.0.0.1, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=http://localhost:8080/auth/admin/master/console/, code_id=b4fb71f2-6e61-40c9-8953-506e589a1a0a, username=admin, authSessionParentId=b4fb71f2-6e61-40c9-8953-506e589a1a0a, authSessionTabId=RZzwAXq3BEw


The content of ../domain/configuration/keycloak-add-user.json looks OK to
me:

[ {
  "realm" : "master",
  "users" : [ {
    "username" : "admin",
    "enabled" : true,
    "credentials" : [ {
      "type" : "password",
      "secretData" : "{\"value\":\"s0uo+lD2jgE+i68wWym1El6mlsMKJY3fkxlOMpRul9FBUv5vmQA/YbCC541NkP2EXOp6UjQYtSErkI9OQnM65Q==\",\"salt\":\"WYn5KUEDP+LbxGQQDZfnSg==\"}",
      "credentialData" : "{\"hashIterations\":100000,\"algorithm\":\"pbkdf2-sha256\"}"
    } ],
    "realmRoles" : [ "admin" ]
  } ]
} ]

What step did I miss in order to create the administrative account needed
for the initial login?

Thanks!
Hans
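
Added example, not part of the original message and not Keycloak's own code: a check that a keycloak-add-user.json laid out like the one quoted above really encodes the intended password before it is copied into a server's configuration directory. It assumes the pbkdf2-sha256 value is PBKDF2-HMAC-SHA256 over the UTF-8 password; the function names and the sample document are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import os


def verify_add_user_password(doc_text, realm, username, password):
    """Return True if `password` matches a stored pbkdf2-sha256 credential."""
    for realm_entry in json.loads(doc_text):
        if realm_entry.get("realm") != realm:
            continue
        for user in realm_entry.get("users", []):
            if user.get("username") != username:
                continue
            for cred in user.get("credentials", []):
                if cred.get("type") != "password":
                    continue
                # secretData and credentialData are JSON documents stored as strings.
                secret = json.loads(cred["secretData"])
                meta = json.loads(cred["credentialData"])
                if meta.get("algorithm") != "pbkdf2-sha256":
                    raise ValueError("unsupported algorithm: %r" % meta.get("algorithm"))
                stored = base64.b64decode(secret["value"])
                salt = base64.b64decode(secret["salt"])
                # Assumption: PBKDF2-HMAC-SHA256, output as long as the stored value.
                derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                              salt, meta["hashIterations"],
                                              dklen=len(stored))
                if hmac.compare_digest(derived, stored):
                    return True
    return False


def build_sample(password, iterations=100000):
    """Constructed sample in the layout shown in the message (not real data)."""
    salt = os.urandom(16)
    value = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                iterations, dklen=64)
    cred = {
        "type": "password",
        "secretData": json.dumps({"value": base64.b64encode(value).decode(),
                                  "salt": base64.b64encode(salt).decode()}),
        "credentialData": json.dumps({"hashIterations": iterations,
                                      "algorithm": "pbkdf2-sha256"}),
    }
    return json.dumps([{"realm": "master", "users": [
        {"username": "admin", "enabled": True,
         "credentials": [cred], "realmRoles": ["admin"]}]}])
```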