I was wondering if the same password on keycloak can have different secrets. I am asking this because I had a pod with postgres and one with keycloak and the admin password was not working when accessing the keycloak admin page on the browser. The reason for this was because on the sql dump file I used to restore the DB, there was already an admin user with a secret. When I removed all the entries for the user admin on the DB dump it worked. I assume the password for that user was admin and as such was wondering if my keycloak instance would add a different salt and as such the secret created on my machine be different than the secret stored in the DB dump, even for the same password.
CodePudding user response:
As @Bergie said KEYCLOAK_USER/KEYCLOAK_PASSWORD creates a new admin user if one doesn't exist already. This has nothing to do with the salting or whether the secret is different. So you'll have to login with the same credentials that were used in azure
Keycloak stores OAuth2 client secrets in plain text in DB. The Admin Console also displays client secrets. Client credentials, on the other hand, are what make client secrets similar to user passwords. Perhaps Keycloak ought to employ the same strategy when storing secrets in DB? Before saving it to the database, perhaps it should be hashed like a user password?
Refer this document for more information
To make a new administrator client you ought to erase the ongoing one in the data set. Or, if you prefer, you can simply change the admin username to admin_bkp. The admin user is created once more by simply restarting the container.
Connect to the database
$ kubectl exec -it keycloak-database-bd94f668c-rvmbt -- bashbash-5.1$ psql $ keycloak -U postgre -W
Delete or update the current admin user:
psql (12.10)
Type "help" for help
. keycloak=# update user_entity set "username"='admin_bkp' where "username"='admin'; UPDATE 1
Delete the application pod
$ kubectl delete pod keycloak-database-bd94f668c-rvmbt
The environment variables KEYCLOAK_USER and KEYCLOAK_PASSWORD should now allow you to log in as the admin user.