For IDP versions 4.0 or later
By default, the Keycloak admin web interface is only available if you access the web interface from containers idp-backend or idp-spi using the http://localhost:8082/auth/admin URL.
To access the web interface outside these containers in a Kubernetes environment, you need to run the following command:
kubectl exec `kubectl get pods -l app=idp-backend -o jsonpath={.items[0].metadata.name}` -c idp-spi -- curl -k -v http://localhost:8082/auth/realms/master/maintenance-api/enableRestrictedApis -X POST --data '{"enable":"false"}' --header "Content-Type: application/json"
After running this command, you can access the web interface using the following URL: https://<brand_domain>/auth/admin.
To disable the access to the web interface and return to the default configuration, run the command below:
kubectl exec `kubectl get pods -l app=idp-backend -o jsonpath={.items[0].metadata.name}` -c idp-spi -- curl -k -v http://localhost:8082/auth/realms/master/maintenance-api/enableRestrictedApis -X POST --data '{"enable":"true"}' --header "Content-Type: application/json"
For IDP versions earlier than 4.0
To access the Keycloak administration panel, complete these actions:
Warning: Do not log in to the administration panel with a weak password. To set a strong password, follow Setting the Keycloak Admin Password.
- Go to the IDP JBoss CLI:
# kubectl exec -it $(kubectl get pods -o name -l app=idp-backend | cut -d'/' -f 2) -- sh /opt/jboss/keycloak/bin/jboss-cli.sh --connect
- Enter the following commands:
# /subsystem=undertow/server=default-server/host=default-host/filter-ref=IM_adminPanel:remove()
# /:reloadWarning: To avoid potential security risks, do not remove
filter-ref=IM_private. -
Log in to the panel using the following URL and the admin/<password>:
https://<brand_domain>/auth/admin, for example:https://cidbe.brndff4f8cdb-f6d6cf.aqa.int.zone/auth/admin