Can't create initial admin user in keycloak - keycloak

it shows an error "we are sorry an internal error occurred" while entered username password and confirm password. How can i create initial admin user?

If you are running Keycloak in docker container then you can define admin name and password during startup:
docker run --name keycloak -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak
Otherwise, you can add the user as follows (this actually what is done in docker container behind the scenes):
/opt/jboss/keycloak/bin/add-user-keycloak.sh --user "$KEYCLOAK_USER" --password "$KEYCLOAK_PASSWORD"

The admin console is available at:
http://localhost:8080/admin

Related

Nexus return 401 Unauthorized, after build image from Dockerfile

I'm new in docker, try to google this issue, bit found nothing.
I have to create nexus image from sonatype/nexus3 and change password in admin.password file after creating image.
It's my Dockerfile:
FROM sonatype/nexus3
WORKDIR /nexus-data
RUN ["/bin/bash", "-c", "echo root >> admin.password"]
and when i check the file admin.password (docker exec <container> cat admin.password) i have this result:
root
And Authorization works if i run continer from sonatype/nexus3 image from docker hub (with default UUID password).
What should i do?
I am thinking that maybe i rewrite admin profile or delete it somehow?
The way it works is that the sonatype/nexus3 image contains an already installed version and the random password has been written to admin.password. But it's just a log, not the password used to confgure nexus.
What you want to do has already been answered here How to set admin user/pwd when launching Nexus docker image
Here is a detailed walkthrough to change the admin password from the CLI after starting a fresh nexus3 docker container. You can easily script that once you understand how it works.
Important note to clear a possible misunderstanding: you don't build a nexus3 image containing predefined data like your admin password. You start a fresh image which will initialize fresh data when using an empty nexus-data volume, including a random admin password and you use that password to change it to your own value.
Start a docker container from the official image. Note: this is a minimal and trashable (i.e. --rm) start just for the example. Read the documentation to secure your data.
docker run -d --rm --name testnexus -p 8081:8081 sonatype/nexus3:latest
Wait a bit for nexus to start (you can check the logs with docker logs testnexus) then read the generated password into a variable:
CURRENT_PASSWORD=$(docker exec testnexus cat /nexus-data/admin.password)
Set the expected admin password into an other variable
NEW_PASSWORD=v3rys3cur3
Use the Nexus API to change the admin password:
curl -X PUT \
-u "admin:${CURRENT_PASSWORD}" \
-d "${NEW_PASSWORD}" \
-H 'accept: application/json' \
-H 'Content-Type: text/plain' \
http://localhost:8081/service/rest/v1/security/users/admin/change-password
Access Nexus GUI with your browser at http://localhost:8081, login with your newly changed password, enjoy.

connecting pgAdmin4 docker to postgres instance- server dialog not showing

I'm new to docker and pgAdmin.
I am trying to create a server on pgAdmin4. However, I cannot see the Server dialog when I click on "Create" in pgAdmin. I only see Server Group (image below).
Here's what I'm doing in the command prompt:
Script to connect and create image for postgres:
docker run -it -e POSTGRES_USER="root" -e POSTGRES_PASSWORD="root" -e POSTGRES_DB="ny_taxi" -v "c://Users//bpatel//data-engineering-zoomcamp//week_1_basics_n_setup//2_docker_sql//ny_taxi_data:/var/lib/postgresql/data" -p 5431:5432 postgres:13
Script to run pgAdmin after postgres is running:
docker run -it -e PGADMIN_DEFAULT_EMAIL="admin#admin.com" -e PGADMIN_DEFAULT_PASSWORD="root" -p 8080:80 dpage/pgadmin4
I am using localhost:8080 in my browser to open pgAdmin. When I try to create a new server, I only see "Server Group" option. But I need the "Server" dialog. Image for reference:
I'm not sure what I am missing? Please help! Thank you!!
They recently changed "create server" to "register server", to more accurately reflect what it actually does. Be sure to read the docs for the same version of the software as you are actually using.

Postgres container not recognizing POSTGRES_USER_FILE environment variable

For whatever reason I can't get postgres to recognize the POSTGRES_USER_FILE environment variable.
With the following secret:
echo "pass" | docker secret create psql_pass -
When I create the following service i can log in (using adminer) using the account "pass":"pass"
Docker service create --name psql --secret psql_pass -e POSTGRES_PASSWORD_FILE=/run/secrets/psql_pass -e POSTGRES_USER=pass postgres
But when I create THIS service, I CANNOT log in using the same account "pass":"pass"
Docker service create --name psql --secret psql_pass -e POSTGRES_PASSWORD_FILE=/run/secrets/psql_pass -e POSTGRES_USER_FILE=/run/secrets/psql_pass postgres
(yes, it should be user:pass, but I wanted to illustrate that its the exact same secret being used)
I have verified that the secret is being set correctly in the container (cat /run/secrets/psql_pass)
Am I missing something here? Why isn't POSTGRES_USER_FILE being recognized?

Postgres docker error: FATAL: password authentication failed for user

I created a Postgres container with docker
sudo docker run -d \
--name dev-postgres \
-e POSTGRES_PASSWORD=test \
-e POSTGRES_USER=test \
-v ${HOME}/someplace/:/var/lib/postgresql/data \
-p 666:5432 \
postgres
I give the Postgres instance test as a username and password as specified in the doc.
The Postgres port (5432) inside the container is linked to my 666 port on the host.
Now I want to try this out using psql
psql --host=localhost --port=666 --username=test
I'm prompted to enter the password for user test and after entering test, I get
psql: error: FATAL: password authentication failed for user "test"
There are different problems that can cause this
The version of Postgres on the host and the container might not be the same
If you have to change the docker version of Postgres used, make sure that the container with the new version is not crashing. Trying to change the version of Postgres while using the same directory for data might cause problem as the directory was initialized with the wrong version.
You can use docker logs [container name] to debug if it crashes
There might be a problem with the volumes used by docker (something with cached value preventing the creation of a new user when env variable change) if you changed the env parameters.
docker stop $(docker ps -qa) && docker system prune -af --volumes
If you have problem with some libraries that use Postgres, you might need to install some package to allow libraries to work with Postgres. Those two are the one Stack Overflow answers often reference.
sudo apt install libpq-dev postgresql-client
Other problems seem to relate to problems with docker configuration.

"You need local access to create the initial admin user" error while keycloak startup in docker

While starting keycloak server on docker, I am getting this error: "You need local access to create the initial admin user". But running it locally, it's working fine.
Another thing is that if I want to use Postgres db instead of embedded H2 db then should I create tables to store user, clients and scope, etc? If yes how can I get db structure for all tables?
You can let the container create the admin user by providing the environment variables KEYCLOAK_USER and KEYCLOAK_PASSWORD:
docker run -e KEYCLOAK_USER=<USERNAME> -e KEYCLOAK_PASSWORD=<PASSWORD> jboss/keycloak
Or add the account to an existing container( Service or container restart required afterwards) with:
docker exec <CONTAINER> /opt/jboss/keycloak/bin/add-user-keycloak.sh -u <USERNAME> -p <PASSWORD>
And either restart container
docker restart <container>
Or restart the service (#Madeo's answer)
docker exec -it <container> /opt/jboss/keycloak/bin/jboss-cli.sh --connect --command=:reload
The above commands come from the Keycloak Docker image page on Docker Hub.
Regarding your database question, you don't have to provide the tables by hand.
You can refer to chapter 6 (§6.4, §6.5) of the Keycloak documentation for the details of how to configure a PostgreSQL DB.
Open container bash console
cd /keycloak/bin
bash ./add-user-keycloak.sh -u admin
Enter desired password
Restart the container
Go to following URL for login
http://dockerIP:8080/auth/admin/
For Keycloak 17, you can use lynx locally to create the admin user:
lynx localhost:8080
Then just Tab to navigate fields and press Enter on the Create button:
Keycloak
Welcome to Keycloak
[user.png] Administration Console
Please create an initial admin user to get started.
Username ____________________
Password ____________________
Password confirmation ____________________
(BUTTON) Create
[user.png] Administration Console
Centrally manage all aspects of the Keycloak server
[admin-console.png] Documentation
User Guide, Admin REST API and Javadocs
[keycloak-project.png] Keycloak Project
[mail.png] Mailing List
[bug.png] Report an issue
JBoss and JBoss Community
None of the tips above worked. Finally I use Environment Variables:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
The full code of the docker-compose.yml:
version: '3'
volumes:
postgres_data:
driver: local
services:
postgres:
image: postgres
volumes:
- postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: password
keycloak:
image: quay.io/keycloak/keycloak:17.0.1
environment:
DB_VENDOR: POSTGRES
DB_ADDR: postgres
DB_DATABASE: keycloak
DB_USER: keycloak
DB_SCHEMA: public
DB_PASSWORD: password
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: admin
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
entrypoint: ["/opt/keycloak/bin/kc.sh", "start-dev"]
ports:
- 8080:8080
depends_on:
- postgres
The answer with docker is incomplete and it won't work
If you add the user via docker container you must restart jboss server
docker exec -it keycloak-container /opt/jboss/keycloak/bin/add-user-keycloak.sh -u admin -p admin
and then:
docker exec -it keycloak-container /opt/jboss/keycloak/bin/jboss-cli.sh --connect --command=:reload
This worked for me:
cd /opt/keycloak/bin
sudo ./add-user-keycloak.sh -u admin -p yourpass
Open 'keycloak.conf' file from Keycloak folder (in my case keycloak-18.0.0/conf)
db-username=postgres
db-password=password
db-url=jdbc:postgresql://yourhostname:5432/keycloak-db-name
If you start keycloak service, postgres DB will be created automatically
Using the Operator https://www.keycloak.org/guides#operator, I had the same issue.
The username and password provided by this step
kubectl get secret example-kc-initial-admin -o jsonpath='{.data.username}' | base64 --decode
kubectl get secret example-kc-initial-admin -o jsonpath='{.data.password}' | base64 --decode
https://www.keycloak.org/operator/basic-deployment#_accessing_the_keycloak_deployment
did not work.
What apparently solved it for me was deleting all Keycloak CRs, deployments, services, etc. and starting the tutorial from the beginning. Then, I omitted this optional step:
We suggest you to first store the Database credentials in a separate Secret, you can do it for example by running:
kubectl create secret generic keycloak-db-secret \
--from-literal=username=[your_database_username] \
--from-literal=password=[your_database_password]
(with made up Postgres username and password filling in the brackets)
I am not sure how the Database secret relates to the Admin User secret, but now the username and password in example-kc-initial-admin work. Perhaps Postgres was inaccessible to Keycloak. This was not indicated in the Keycloak logs.
I don't believe starting fresh was the solution, because I already tried that. Omitting keycloak-db-secret seems to have been important. I will need to fully understand where the DB secret is set, now; it may be insecure.