How to use the command kcadm.sh when after successful login it says HTTPS required in Keycloak? - keycloak

I am also trying to disable HTTPS. Based on a Stack Overflow question, an answer was to:
docker exec -it {containerID} bash
cd keycloak/bin
./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin
./kcadm.sh update realms/master -s sslRequired=NONE
But after executing the third command I am getting the error "HTTPS required".
Version 19.0.2 of Keycloak

Related

Disable ssl in Keycloak 20.0.1

I'm trying to disable https:
I started the server using bin/kc.sh start-dev
And then I tried to disable ssl using:
root#server:/opt/keycloak#
root#server:/opt/keycloak# /opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin –-password admin
Logging into http://locahost:8080/auth as user admin of realm master
Enter password: *****
null [RESTEASY003210: Could not find resource for full path: http://localhost:8080/auth/realms/master/protocol/openid-connect/token]
root#server:/opt/keycloak#
Do you know what is the proper way to execute the command?
PS:
Working commands:
/opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password admin
/opt/keycloak/bin/kcadm.sh update realms/master -s sslRequired=NONE
If you're using Spring Boot you can configure it in application.yml
keycloak:
  ssl-required: none
Since you're using Keycloak 20.0.1 you don't need /auth in the server path; therefore, you need to modify the command for configuring Keycloak as shown below:
/opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password admin
After that you should be able to disable SSL:
/opt/keycloak/bin/kcadm.sh update realms/master -s sslRequired=NONE
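Added example (not part of the original answer): when it is unclear whether a Keycloak instance serves its realms under /auth, the base path can be probed before running kcadm.sh config credentials. The function name keycloak_server_url and the use of the realm's OIDC discovery document as the probe are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Added example, not from the original answer. The function name and the use of
# the OIDC discovery document as the probe are assumptions.

# Print the URL to pass to "kcadm.sh config credentials --server".
# Accepts the origin with or without a trailing "/" or "/auth".
keycloak_server_url() {
  local origin="${1%/}" realm="${2:-master}" prefix code
  origin="${origin%/auth}"
  # Try the root path first (no /auth, as in the answer above), then /auth,
  # which the other commands on this page use.
  for prefix in "" "/auth"; do
    code=$(curl -s -o /dev/null -w '%{http_code}' \
      "$origin$prefix/realms/$realm/.well-known/openid-configuration" || true)
    if [ "$code" = "200" ]; then
      printf '%s\n' "$origin$prefix"
      return 0
    fi
  done
  echo "realm '$realm' not found under $origin or $origin/auth (last HTTP $code)" >&2
  return 1
}

# Usage (kcadm.sh prompts for the password when --password is omitted):
# server=$(keycloak_server_url http://localhost:8080/auth) &&
#   /opt/keycloak/bin/kcadm.sh config credentials --server "$server" \
#     --realm master --user admin
```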

Nexus returns 401 Unauthorized after building image from Dockerfile

I'm new to Docker; I tried to google this issue, but found nothing.
I have to create a Nexus image from sonatype/nexus3 and change the password in the admin.password file after creating the image.
This is my Dockerfile:
FROM sonatype/nexus3
WORKDIR /nexus-data
RUN ["/bin/bash", "-c", "echo root >> admin.password"]
And when I check the file admin.password (docker exec <container> cat admin.password) I get this result:
root
And authorization works if I run a container from the sonatype/nexus3 image from Docker Hub (with the default UUID password).
What should I do?
I am thinking that maybe I rewrite the admin profile or delete it somehow?
The way it works is that the sonatype/nexus3 image contains an already installed version and the random password has been written to admin.password. But it's just a log, not the password used to configure Nexus.
What you want to do has already been answered here: How to set admin user/pwd when launching Nexus docker image
Here is a detailed walkthrough to change the admin password from the CLI after starting a fresh nexus3 docker container. You can easily script that once you understand how it works.
Important note to clear a possible misunderstanding: you don't build a nexus3 image containing predefined data like your admin password. You start a fresh image which will initialize fresh data when using an empty nexus-data volume, including a random admin password and you use that password to change it to your own value.
Start a docker container from the official image. Note: this is a minimal and trashable (i.e. --rm) start just for the example. Read the documentation to secure your data.
docker run -d --rm --name testnexus -p 8081:8081 sonatype/nexus3:latest
Wait a bit for nexus to start (you can check the logs with docker logs testnexus) then read the generated password into a variable:
CURRENT_PASSWORD=$(docker exec testnexus cat /nexus-data/admin.password)
Set the expected admin password into another variable:
NEW_PASSWORD=v3rys3cur3
Use the Nexus API to change the admin password:
curl -X PUT \
-u "admin:${CURRENT_PASSWORD}" \
-d "${NEW_PASSWORD}" \
-H 'accept: application/json' \
-H 'Content-Type: text/plain' \
http://localhost:8081/service/rest/v1/security/users/admin/change-password
Access Nexus GUI with your browser at http://localhost:8081, login with your newly changed password, enjoy.
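The walkthrough above as one script, added here as an example that is not part of the original answer. The function names, retry defaults and the /service/rest/v1/status readiness probe are assumptions; the passwords are handed to curl through a config on stdin, so they do not appear in the process list.

```bash
#!/usr/bin/env bash
# Added example, not from the original answer. Function names, retry defaults
# and the /service/rest/v1/status readiness probe are assumptions.

# Escape backslashes and double quotes for a double-quoted curl config value.
curl_quote() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

# Poll until Nexus answers 200 on its status endpoint, or give up.
wait_for_nexus() {
  local base_url="$1" tries="${2:-60}" delay="${3:-5}" code
  while [ "$tries" -gt 0 ]; do
    code=$(curl -s -o /dev/null -w '%{http_code}' \
      "$base_url/service/rest/v1/status" || true)
    [ "$code" = "200" ] && return 0
    tries=$((tries - 1))
    sleep "$delay"
  done
  return 1
}

# PUT the new password. Credentials and body reach curl as a config file on
# stdin (-K -), so neither password shows up in the process list.
change_admin_password() {
  local base_url="$1" current="$2" new="$3" code
  code=$(printf 'user = "admin:%s"\ndata-raw = "%s"\n' \
      "$(curl_quote "$current")" "$(curl_quote "$new")" |
    curl -s -o /dev/null -w '%{http_code}' -K - -X PUT \
      -H 'Content-Type: text/plain' \
      "$base_url/service/rest/v1/security/users/admin/change-password" || true)
  case "$code" in
    2??) return 0 ;;
    *) echo "change-password failed: HTTP $code" >&2; return 1 ;;
  esac
}

# Whole procedure: wait, read the generated password, replace it.
rotate_nexus_admin_password() {
  local container="$1" base_url="$2" new="$3" current
  wait_for_nexus "$base_url" "${4:-60}" "${5:-5}" ||
    { echo "Nexus did not become ready" >&2; return 1; }
  current=$(docker exec "$container" cat /nexus-data/admin.password) ||
    { echo "cannot read /nexus-data/admin.password" >&2; return 2; }
  change_admin_password "$base_url" "$current" "$new"
}

# Usage, with NEW_PASSWORD taken from the environment:
# rotate_nexus_admin_password testnexus http://localhost:8081 "$NEW_PASSWORD"
```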

keycloak internal server error when accessing token url

I ran the keycloak instance by
docker run -d --name keycloak \
-e ROOT_LOGLEVEL=INFO \
-e KEYCLOAK_LOGLEVEL=INFO \
-e KEYCLOAK_USER=admin \
-e KEYCLOAK_PASSWORD=admin \
-p 8080:8080 \
-it jboss/keycloak:master -b 0.0.0.0
docker logs -f keycloak
And then I visit http://localhost:8080/auth/realms/master/protocol/openid-connect/token and get Internal Server Error:
So,
How to get the error log? docker logs keycloak stays at the startup information, no new request log.
What is wrong, and how to fix the internal server error?
Why do you need a GET request to /auth/realms/master/protocol/openid-connect/token?
The token endpoint is for POST requests, not for GET requests - see the OIDC spec https://openid.net/specs/openid-connect-core-1_0.html#TokenRequest

Can't create initial admin user in keycloak

It shows an error "we are sorry an internal error occurred" when I enter the username, password and confirm password. How can I create the initial admin user?
If you are running Keycloak in a Docker container then you can define the admin name and password during startup:
docker run --name keycloak -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak
Otherwise, you can add the user as follows (this is actually what is done in the Docker container behind the scenes):
/opt/jboss/keycloak/bin/add-user-keycloak.sh --user "$KEYCLOAK_USER" --password "$KEYCLOAK_PASSWORD"
The admin console is available at:
http://localhost:8080/admin

Client secret not provided in request [unauthorized_client]

Here is what I tried: I logged in to the server where Keycloak is deployed, went to the directory /keycloak/bin/
and ran the following command:
./kcadm.sh config credentials --server https://<IP ADDRESS>:8666/auth --realm master --user admin --password admin
But this command throws an error:
Client secret not provided in request [unauthorized_client]
Why is client information required? I have to do this through the Admin CLI:
Log in to Keycloak
Create a new realm
Create user and userGroup.
So in my opinion, in this case a client secret or any such information is not required, but the admin-cli command is complaining about it.
Here is the solution to the above problem. After installation, Keycloak will by default create a few clients (account, admin-cli, broker, master-realm, security-admin-console), and of all these clients admin-cli comes with access-type=public. So if you are trying to log in through Keycloak, you have to run the command below from the /keycloak/bin directory:
./kcadm.sh config credentials --server https://<IP ADDRESS>:8666/auth --realm master --user admin --password admin --client admin-cli
As I am using HTTPS, you may get the error below as well:
Failed to send request - sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
To overcome this issue, please generate the certificate and put it inside the /keycloak/security/ssl folder, and then run this command:
kcadm.sh config truststore --trustpass $PASSWORD ~/.keycloak/truststore.jks
Now the question of how to create the realm: after logging in through the admin-cli client, use the command below:
./kcadm.sh create realms -s realm=demorealm -s enabled=true