Accessing the Keycloak Administration Panel

To access the Keycloak administration panel, complete these actions:

  1. Go to the IDP JBoss CLI:
    # kubectl exec -it $(kubectl get pods -o name -l app=idp-backend | cut -d'/' -f 2) -- sh /opt/jboss/keycloak/bin/jboss-cli.sh --connect
  2. Enter the following commands:
    # /subsystem=undertow/server=default-server/host=default-host/filter-ref=IM_adminPanel:remove()
    # /:reload

    For versions earlier than 1.5.23, change the filter-ref value to adminUrls:

    Important: Do not remove the IM_private filter-ref.

  3. Log in to the panel using the following URL:

    https://<brand_domain>/auth/admin, for example: https://cidbe.brndff4f8cdb-f6d6cf.aqa.int.zone/auth/admin

    with the credentials: admin/<password>.

    Important: Do not open the administration panel if the master password is weak.

    Ensure that the keycloakadminpassword IDP Helm value contains a strong password (at least 15 characters, including uppercase letters, lowercase letters, numbers, and special characters). If the password is strong, no actions are required. If not, make it strong by completing the following actions:

    1. Generate a strong password using this command:
      # openssl rand -base64 20 | base64
    2. Download the master_realm_expose.py script to the management node.

    3. Copy this script to the IDP pod using this command:
      # kubectl cp master_realm_expose.py $(kubectl get pods -o name -l app=idp-backend | cut -d'/' -f 2):/opt/jboss/scripts/
    4. Drop the existing IDP master user by running this command from the management node:
      # kubectl exec $(kubectl get pods -o name -l app=idp-backend | cut -d'/' -f 2) -- bash -c "cd scripts && python /opt/jboss/scripts/master_realm_expose.py"
    5. Restart IDP with the master user password set:
      # helm upgrade idp-backend a8n/idp-backend --set keycloakadminpassword=<password>

    As a result, the IDP pod will be re-created with the master user re-created at startup. If not, drop the IDP pod manually.

    Important: If you run the master_realm_expose.py script again, the master user will be dropped again. If you set the same master user password with the helm upgrade command, the IDP pod will not be restarted and the master user will not be re-created. In this case, kill the pod to force its re-creation.
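
The password policy above can be checked before the value is passed to helm upgrade. The following shell functions are an added example, not part of the original procedure or of the IDP tooling; the function names check_idp_password and generate_idp_password are hypothetical, and the generator reuses the openssl command from step 1, retrying until the result meets the policy.

```shell
#!/bin/sh
# Added example: validates a candidate keycloakadminpassword value against the
# policy stated on this page (at least 15 characters, with uppercase letters,
# lowercase letters, numbers, and special characters).

# check_idp_password <password>
# Returns 0 when every rule is met, 1 otherwise. Each failed rule is reported
# on stderr; the password itself is never printed.
check_idp_password() {
    idp_pw=$1
    idp_rc=0
    if [ "${#idp_pw}" -lt 15 ]; then
        echo "too short: ${#idp_pw} characters, need at least 15" >&2
        idp_rc=1
    fi
    case $idp_pw in *[[:upper:]]*) ;; *) echo "no uppercase letter" >&2; idp_rc=1 ;; esac
    case $idp_pw in *[[:lower:]]*) ;; *) echo "no lowercase letter" >&2; idp_rc=1 ;; esac
    case $idp_pw in *[[:digit:]]*) ;; *) echo "no number" >&2; idp_rc=1 ;; esac
    case $idp_pw in *[![:alnum:]]*) ;; *) echo "no special character" >&2; idp_rc=1 ;; esac
    return $idp_rc
}

# generate_idp_password
# Runs the generation command from step 1 and prints the first candidate that
# passes check_idp_password. Gives up after 20 attempts and returns 1.
generate_idp_password() {
    idp_attempts=0
    while [ "$idp_attempts" -lt 20 ]; do
        idp_candidate=$(openssl rand -base64 20 | base64)
        if check_idp_password "$idp_candidate" 2>/dev/null; then
            printf '%s\n' "$idp_candidate"
            return 0
        fi
        idp_attempts=$((idp_attempts + 1))
    done
    echo "no candidate met the policy after 20 attempts" >&2
    return 1
}
```

Source the file on the management node, then run check_idp_password with the intended value as its argument; a non-zero exit status means the value must be replaced before the administration panel is opened.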