In keycloak, the same password can have different secrets?

Time:12-19

I was wondering if the same password on Keycloak can have different secrets. I am asking this because I had a pod with Postgres and one with Keycloak, and the admin password was not working when accessing the Keycloak admin page in the browser. The reason for this was that in the SQL dump file I used to restore the DB, there was already an admin user with a secret. When I removed all the entries for the user admin in the DB dump, it worked. I assume the password for that user was admin, and as such I was wondering if my Keycloak instance would add a different salt, so that the secret created on my machine would be different from the secret stored in the DB dump, even for the same password.

CodePudding user response:

As @Bergie said, KEYCLOAK_USER/KEYCLOAK_PASSWORD creates a new admin user if one doesn't exist already. This has nothing to do with the salting or whether the secret is different. So you'll have to log in with the same credentials that were used in Azure.

Keycloak stores OAuth2 client secrets in plain text in the DB. The Admin Console also displays client secrets. Client credentials, on the other hand, are what make client secrets similar to user passwords. Perhaps Keycloak ought to employ the same strategy when storing secrets in the DB? Before saving it to the database, perhaps it should be hashed like a user password?

Refer to this document for more information.

To make a new administrator client you ought to erase the ongoing one in the data set. Or, if you prefer, you can simply change the admin username to admin_bkp. The admin user is created once more by simply restarting the container.

Connect to the database:

$ kubectl exec -it keycloak-database-bd94f668c-rvmbt -- bash
bash-5.1$ psql keycloak -U postgre -W

Delete or update the current admin user:

psql (12.10)
Type "help" for help.

keycloak=# update user_entity set "username"='admin_bkp' where "username"='admin';
UPDATE 1

Delete the application pod

$ kubectl delete pod keycloak-database-bd94f668c-rvmbt

The environment variables KEYCLOAK_USER and KEYCLOAK_PASSWORD should now allow you to log in as the admin user.
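
Added example, not part of the original question or answer and not Keycloak's own code: it shows that a salted PBKDF2 hash of the same password differs on every run, yet a row restored from a dump still verifies because the salt and parameters travel with it. The field names, algorithm and iteration count are assumptions modelled on a salted-hash credential record, and the rows are constructed.

```python
import base64
import hashlib
import hmac
import json
import os

# Assumed parameters (not taken from the page): PBKDF2-HMAC-SHA256, 27500 rounds.
ALGORITHM = "pbkdf2-sha256"
ITERATIONS = 27500


def b64(raw):
    return base64.b64encode(raw).decode()


def make_credential(password):
    """Return a constructed credential row with a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {
        "secret_data": json.dumps({"value": b64(digest), "salt": b64(salt)}),
        "credential_data": json.dumps(
            {"algorithm": ALGORITHM, "hashIterations": ITERATIONS}),
    }


def verify(password, row):
    """Recompute the hash with the salt and parameters stored in the row."""
    secret = json.loads(row["secret_data"])
    params = json.loads(row["credential_data"])
    if params["algorithm"] != ALGORITHM:
        raise ValueError("unsupported algorithm: " + params["algorithm"])
    expected = base64.b64decode(secret["value"])
    actual = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), base64.b64decode(secret["salt"]),
        params["hashIterations"], dklen=len(expected))
    return hmac.compare_digest(actual, expected)


def stored_value(row):
    return json.loads(row["secret_data"])["value"]


if __name__ == "__main__":
    dump_row = make_credential("admin")   # stands in for the row in the SQL dump
    local_row = make_credential("admin")  # same password hashed on another machine
    print("same stored value:", stored_value(dump_row) == stored_value(local_row))
    print("dump row accepts 'admin':", verify("admin", dump_row))
    print("dump row accepts 'other':", verify("other", dump_row))
```

A login against a restored database therefore fails only when the typed password is not the one behind the restored row, which is consistent with the answer's point that salting is not the cause.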
