The Keycloak admin password must be strong: at least 15 characters, including uppercase letters, lowercase letters, numbers, and special characters.
For IDP versions 4.0 or later
To set a strong password for the Keycloak admin user, follow these steps:
-
Generate a strong password using this command:
# openssl rand -base64 20 | base64
-
Access the Keycloak Admin page using the old admin user password:
https://<brand_domain>/auth/admin
For example, https://cidbe.brndff4f8cdb-f6d6cf.aqa.int.zone/auth/admin
-
Click Users in the menu. The Users page will be displayed.
-
Select the admin user
-
Click the Credentials tab
-
Click on the Reset password button
-
Type the newPassword twice and the click the Save button
-
Click the Reset password button to confirm the change
-
-
Update config.yaml:
components: idp-backend: keycloakadminpassword: <newpassword>
-
Run the update:
#setup-product.sh -f config.yaml -c idp-backend
As a result, the IDP pod will be recreated with the new password. If something goes wrong, you may drop the IDP pod manually.
For IDP versions earlier than 4.0
To set a strong password for the Keycloak admin user:
- Generate a strong password using this command:
# openssl rand -base64 20 | base64
- Drop the existing IDP master user by running this command from the kubectl console:
# kubectl exec $(kubectl get pods -o name -l app=idp-backend | cut -d'/' -f 2) -- bash -c "cd scripts && python /opt/jboss/scripts/master_realm_expose.py"
-
Update config.yaml:
components: idp-backend: keycloakadminpassword: <newpassword> -
Run the update:
setup-product.sh -f config.yaml -c idp-backend
As a result, the IDP pod will be re-created with the master user re-created at startup. If not, drop the IDP pod manually.
Important: If you run the master_realm_expose.py script again, the master user will be dropped again.