How do I create an admin user in a realm in Keycloak? I tried /bin/add-user.sh -r myrealm -u admin -p <pwd>
It gave me the error:
* Error *
WFLYDM0065: The user supplied realm name 'myrealm' does not match the realm name discovered from the property file(s) 'ManagementRealm'.
Exception in thread "main" org.jboss.as.domain.management.security.adduser.AddUserFailedException: WFLYDM0065: The user supplied realm name 'myrealm' does not match the realm name discovered from the property file(s) 'ManagementRealm'.
at org.jboss.as.domain.management.security.adduser.ErrorState.execute(ErrorState.java:72)
at org.jboss.as.domain.management.security.adduser.AddUser.run(AddUser.java:133)
at org.jboss.as.domain.management.security.adduser.AddUser.main(AddUser.java:231)
at org.jboss.modules.Module.run(Module.java:352)
at org.jboss.modules.Module.run(Module.java:320)
at org.jboss.modules.Main.main(Main.java:593)
I tried /bin/add-user-keycloak.sh -r myrealm -u admin -p <pwd>. It asked me to restart the server which I did but I did not see the user either.
If one knows how to make it using the python client, that would be great too.
Create regular user in a realm:
Open admin console and select realm of your choice (realm selection box on top left side).
Go to users (sidebar) -> add user (button on the right side)
Fill in required fields and press save button.
Open Credentials tab and set password.
Open Role Mapping tab:
Select realm-management under Client Roles.
Select all available roles and press Add selected. (realm-admin is enough, other roles are inherited. Effective Roles will show the role mapping for the client)
Go to http://keycloak/auth/admin/REALM_NAME/console (replace REALM_NAME with realm name in which you created the user) and login.
You should see admin UI only for this realm.
You can also automate user creation via Admin REST API: https://www.keycloak.org/docs-api/19.0.3/rest-api/index.html#_users_resource
Fromyour example, i suppose you want to create an admin that would administrate a new realm. Then an admin form this new realm, different from the master (default) one.
Simply, here is the way to create an admin in a realm.
1 - Create the realm
From the Master realm, create un new realm (Myrealm)
Be sure to be in that new realm (select it in the list under master realm)
2 - Create an admin role for the new created realm
In the menu (to the left side), under Configure main title, select Roles
In the Realm Roles tab, click on the button Add Role and give it a name (admin) and a description (Myrealm admin role) and switch on the Composite Role
In the new revealed section (Composite Roles), type in the client roles field: realm-management, then select it.
Select all the available elements in that selection from Available Roles, click [Add selected] button.
/!\ This role is only availbale to this realm and will affect only users related to the realm.
3 - Affect the admin role to a user
Still in the same realm, create or choose a user you want it to become the admin
Go to its Role Mappings tab, and send the Available Roles admin to Assigned Roles.
Try to login http://keycloak/auth/admin/REALM_NAME/console (replace REALM_NAME with realm name in which you created the user) and adjust permissions of this realm admin user (from another browser with the master admin account). For example, the new admin realm user can delete role (that is not normal), it can do many thing on their realm you don't want it to do explicitely... (I guess)
That's all.
You should be able to create using add-user-keycloak command , but you need to restart the keycloak server to actually add the user. here is the documentation
/bin/add-user-keycloak.sh -r myrealm -u admin -p <password>
But before adding user you need to create realm myrealm using
kcadm.sh create realms ........
Pleas have a look in this command
/bin/add-user.sh -r myrealm -u admin -p <pwd>
here you are trying to run a shell script which will create a user admin with some password under realm myrealm .
So its mandatory myrealm realm should exist before you are going to create a user under it.
If this is not working try to create a user under master realm which is default realm exist after keycloak installation.
Id you are not aware how to create realm ,here are some of the admin-cli and curl commands to do so
How to create realm with the help of admin-cli
/opt/keycloak/bin/kcadm.sh create realms -s realm=<Realm-NAME> -s id="<realm-id>" -s enabled=true -s
How to create realm with the help of curl command
curl -v <Keycloak-Ip-address>:<Port>/auth/admin/realms -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" --data '{"realm":"Realm-name","id":"Realm-id","enabled":"true"}' -k
Related
I want to give an access to my postgres DB for a user so he can have a read only data for 2 tables in my DB.
So, I have created a role for this:
CREATE ROLE stagiaire WITH
LOGIN
NOSUPERUSER
INHERIT
NOCREATEDB
NOCREATEROLE
NOREPLICATION
ENCRYPTED PASSWORD 'xxx';
Then, I also create a user in the up right menu "Users", user type is "User", and gave him a password.
user: email#gmail.com
pass: mypass
Now, user can login, but he sees nothing, and have access to nothing.
How can I link the user email#gmail.com with role "stagiaire"
I found the solution.
User must login. He sees nothing.
He must add himself the Server, so he must know URL to connect.
in my case, my internal URL: postgres.metadata.svc.cluster.local:5432
Then, he will use his login / password to connect.
Now, he will be able to see all resource, but will only be able to open the one with access granted.
Hope this helps
after installing oracle 19 C it was asking for username and password. what to type in that and how to create a new user with all permissions and authentication rights.(note i tried create user command by login as SYSDBA but it showing error as invalid common user or role name.
enter image description here
[enter image description here][2]
create user c##yourusername identified by tiger;
To create a user in a particular container do follows:
alter session set container
Crate user
Example:
alter session set "_ORACLE_SCRIPT"=true;
CREATE USER your_user_name IDENTIFIED BY your_password
After finished user creation please add grant permission to your user. Otherwise you may not be able to login in with this user.
GRANT Dba to your_user_name
alter session set "_ORACLE_SCRIPT"=true;
After execute the above script user has been created.
Im currently creating an API for a school project and everything is working good. My setup is: Node v10, Postgres, Koa and so on...
I currently have this:
CREATE ROLE sa WITH LOGIN PASSWORD 'some-password.';
CREATE DATABASE master WITH OWNER sa;
\c master;
When the init script runs in the docker machine the output I get is this one:
CREATE ROLE
CREATE DATABASE
You are now connected to database "master" as user "postgres".
So I did change the file to something like this:
CREATE ROLE sa WITH LOGIN PASSWORD 'some-password.';
CREATE DATABASE master WITH OWNER sa;
CONNECT TO master AS main USER sa;
And I get a syntax error:
STATEMENT: CONNECT TO master AS sa USER sa;
psql:/docker-entrypoint-initdb.d/init.sql:4: ERROR: syntax error at or near "CONNECT"
I can't find anywhere in docs (or haven't look very good) how to connect from a .sql file to a database with an specific user.
How would I connect to 'master' with its owner, which is 'sa' from a .sql file?
You can do this via this command in psql:
\c db_name usr_name
Here my assumption is you have a SQL file called "a.sql" and contains the lines of code in the file.
CREATE ROLE sa WITH LOGIN PASSWORD 'some-password.';
CREATE DATABASE master WITH OWNER sa;
\c master;
Now you are running this script using "psql" command line interface (CLI), so you get the message as below...
CREATE ROLE
CREATE DATABASE
You are now connected to database "master" as user "postgres".
Now, the thing to be noted that you have connected to database "master" because of "\c master" with user "postgres" because of you passed the credential of "postgres" user. Is I am right here then, If yes, then you have to pass the user and password for different user i.e. "sa" as below.
psql -h localhost -p 5432 -U sa -f a.sql master
Now, it will prompt for the password of "sa" user, finally, your script will run and you will be connected to "sa" user.
You can do this via this command in terminal
psql -d database -U username
I want to create a new user in MongoDB.
Do I do that by logging in as admin (use admin) and then using the command add user to create new user?
If no users created you can create new user without any authentification, but if you have created admin user for specific database you should authentifcate, and then perform any operation.
Documentation:
If no users are configured in
admin.system.users, one may access the
database from the localhost interface
without authenticating. Thus, from the
server running the database (and thus
on localhost), run the database shell
and configure an administrative user:
$ ./mongo
> use admin
> db.addUser("theadmin", "anadminpassword")
We now have a user created for
database admin. Note that if we have
not previously authenticated, we now
must if we wish to perform further
operations, as there is a user in
admin.system.users.
> db.auth("theadmin", "anadminpassword")
We can view existing users for the
database with the command:
> db.system.users.find()
Now, let's configure a "regular" user
for another database.
> use projectx
> db.addUser("joe", "passwordForJoe")
I have created a ROLE with name Admin and I have given it all accesses (including CREATEDB). I have created a User ekekakos who is member of Admin role and inherints from it. When I am trying to create a new DB with ekekakos I am getting the following message:
ERROR. PERMISSION DENIED TO CREATE DATABASE.
When I enable the option CAN CREATE DB to the user ekekakos, the database is created.
Why the user do not take the privilages of the role Admin?
Thanks
Excerpt from the docs:
The role attributes LOGIN, SUPERUSER, CREATEDB, and CREATEROLE can be thought of as special privileges, but they are never inherited as ordinary privileges on database objects are. You must actually SET ROLE to a specific role having one of these attributes in order to make use of the attribute.