I have made a custom theme for Keycloak and I'd like to set a specific realm to use that theme for the login page and enable internationalization without using admin console, mainly because I want to make it automatic as the realm creation based on the JSON import.
It seems the JSON file is unable to handle theme configuration, is there any way to make this configuration without any human action?
You can use Keycloak CLI to specify a theme for realm. Keycloak CLI executable (kcadm.bat or kcadm.sh) is placed in the /bin directory
First, you need to login with admin credentials:
kcadm config credentials --server http://localhost:8080/auth --realm master --user admin --password ADMIN_PASSWORD
Then you need to update corresponding realm, setting its loginTheme attribute:
kcadm update realms/REALM_NAME -s "loginTheme=REALM_LOGIN_THEME_NAME"
Related
I freshly installed Grafana and I cannot login at http://localhost:3000/login
All documentation shows that the default user/password should be admin/admin but I'm locked out.
If I go to check into the file C:\Program Files\GrafanaLabs\grafana\defaults.ini the values are set to:
[security]
# disable creation of admin user on first start of grafana
disable_initial_admin_creation = false
# default admin user, created on startup
admin_user = admin
# default admin password, can be changed before first start of grafana, or in profile settings
admin_password = admin
# used for signing
secret_key = SW2YcwTIb9zpOOhoPsMm
# current key provider used for envelope encryption, default to static value specified by secret_key
encryption_provider = secretKey
If I try to retrieve the password through the e-mail I receive no e-mail.
What am I doing wrong?
The problem come from the grafana.db file. This is where your password is stored.
In your local machine, install the sqlite3 package
sudo apt-get install sqlite3
Login into your sql database
sudo sqlite3 /var/lib/grafana/grafana.db
Reset the admin password using SQL update (the new password will be admin)
sqlite> update user set password = '59acf18b94d7eb0694c61e60ce44c110c7a683ac6a8f09580d626f90f4a242000746579358d77dd9e570e83fa24faa88a8a6', salt = 'F3FAxVm33R' where login = 'admin';
sqlite> .exit
Now, you could log in your Grafana web interface using username: admin and password: admin
Why is the login with admin:admin despite the configuration not working?
One possibility here is that you had Grafana installed previously (and when using it with the admin account already had to change the default password set in the config). In that case, you did not freshly install Grafana but instead upgraded it. That preserves the database including users and passwords, therefore you will have to use the password you set for that account.
Why are you not getting a reset password email?
I can think of two possibilities here: One is that Email is not configured in the Grafana config file and therefore no emails can be sent. The second one is that you did not set the email address for the account in question (afaik defaults to "admin#localhost") and therefore you don't get any emails. Of course it is possible that both is the case.
How can you solve this?
By either resetting the admin password (that will allow you to keep your existing data) or by removing Grafana and all files completely and making a fresh install.
I installed Keycloak 17.0.0 but not able to create admin user. I followed this document.
When I access Keycloak page, it is showing "you need local access to create the initial admin user". Screenshot is here - Keycloak. Also I didn't find the add-user-keycloak script in Keycloak 17.0.0. I am quite new to this. Can anyone help on how to create the initial admin user?
Thanks in advance.
I to have been trying to play around with Keycloak 17, and have found it far from easy to get it to work as I expected.
I am trying to get it work on remote server,where its impossible to login on localhost. To create the admin user I followed the information in the Keycloak document at KeyCloak documents, see the section called Creating the first administrator
You set the following envronmental variables
export KEYCLOAK_ADMIN='username'
export KEYCLOAK_ADMIN_PASSWORD='password'
bin/kc.[sh|bat] start
Were username and password are strings for username and password.
Another problem I had was getting Keycloak to work on my server haggis on port 8085. My solution was to invoke it as follows.
./kc.sh start-dev --http-port=8085 --http-host=haggis --db-url-host=haggis --db-username=kc --hostname=haggis:8085 --hostname-admin=haggis:8085 --hostname-strict-backchannel=true --db-url-database=postgresql --db-username='kcuser'
This command line instructs Keycloak to start up on the server haggis, at port 8085, using a postgres database with a database user called kcuser in development mode.
My largest problem was working out that you had to include the port number in the hostname style arguments.
Once everything is working you can invoke it as
http://haggis:8085/admin/master/console/#/realms/master
Ok, someone far cleverer than I figured this out:
export KEYCLOAK_ADMIN=admin
export KEYCLOAK_ADMIN_PASSWORD=admin
sudo -E bin/kc.sh start-dev
https://github.com/keycloak/keycloak/discussions/10262
But don't use admin/admin of course...
I have pgAdmin (dpage/pgadmin4:4.29) container running in Kubernetes. As a master user I have added Database connections and share the connection. I can disconnect/reconnect to database without password as a master user.
But for additional users I have created, those users password are not getting saved even they have selected Save Password option at the time of connection. pgAdmin keep asking for password when connecting to DB.
What I am missing in my setup.
NobleUplift's issue of the "Save Password" checkbox being disabled can be caused by certain config flags in the config.py file. Remembering passwords for SSH tunneling is disabled by default, for example.
You can re-enable the checkbox by writing
ALLOW_SAVE_TUNNEL_PASSWORD = True # SSH tunnel password saving, default False
ALLOW_SAVE_PASSWORD = True # database password saving, default True
to a new config_local.py file in the same directory where you find your main config.py file. Pg discourages writing the the main config.py file directly. See the docs for more details about the preferred config file and where to find them. (I found mine under "pgAdmin 4\v6\web\config.py", not where the docs said.)
This seems to be where the 'disable password saving' idea came from.
Apologies roy for not answering your question directly, but I didn't have the ability to respond directly to Noble. However, the config docs also mention that the ENHANCED_COOKIE_PROTECTION flag can interfere with Kubernetes (and other auth settings), which might be worth a look.
I have a PHP application that needs to connect to a Postgres database and I don't want to store the credentials in a config file outside the web tree, if I can help it. I installed the pgsql module.
I read this SO post and like the idea of putting them in httpd.conf
I was wondering if anyone has figured out a way to store PostgreSQL db credentials in httpd.conf.
There are no predefined php.ini directives for PostgreSQL PHP module like there are for MySQL PHP module, as far as I can tell:
http://php.net/manual/en/ini.list.php
php_value mysql.default.user myusername
php_value mysql.default.password mypassword
php_value mysql.default.host server
Thanks
You have a few options here.
The best option, if you can do it, is to use certificate auth and a client certificate.
The second best option if you can is to use a .pgpass file, which would store this in the home directory of the user that Apache runs as.
Your third option is you could use mod_rewrite to set the PGUSER and PGPASSWORD environment variables. Note that this is pretty dangerous because anyone on the server could access the environment and learn the username and password.
I did not find any reference to user related commands for the jenkins-cli tool.
I need this to automate deployment.
Any comeback?
To use jenkins internal database simply use the following command.
echo 'jenkins.model.Jenkins.instance.securityRealm.createAccount("user1", "password123")' | \
java -jar jenkins-cli.jar -s http://localhost:8080/ groovy =
This will create user=user1 with password=password123
If you have any existing user and have restricted anonymous access to your jenkins, you can specify the username and password with
--username "user_name" and --password "password"
Maybe you don't want to use Jenkins' internal user database at all. There are a host of "Authentication and User Management" plugins.
If you like MySQL, there is a MySQL authenticator (it reads a table of users and passwords), and your "adduser" command could do an insert on that table.
If you like flat files, there is a "Script Security Realm", where you can authenticate with an arbitrary script. Write a file with user and password combos in your favorite format, write an "adduser" script that writes to it, and write an auth script that reads the file and determines whether to authenticate the user.
You can also hook up to an LDAP server, Active Directory, Atlassian Crowd, Unix user accounts (pw_auth), or whatever authentication your application server uses (if it's running off of a Tomcat server, for instance, you can tell Jenkins to let Tomcat authenticate users, and set up Tomcat to do it however you want.
If you specify in more detail what you are trying to do people here may help you better. That said, here are some pointers:
All CLI commands are available via http://[jenkins-server]/cli. What's not found there is not available via CLI. You can specify user name / password via --username and --password (or --password-file) options in CLI commands.
Another option for Jenkins automation is to use Python JenkinsAPI.
You can also use tools like wget and curl to perform certain actions (such as starting a build). There you may use user-specific tokens instead of username/password.
Here's another link that can be helpful.