'"You need local access to create the initial admin user" error while keycloak startup in docker
While starting keycloak server on docker, I am getting this error: "You need local access to create the initial admin user". But running it locally, it's working fine.
Another thing is that if I want to use Postgres db instead of embedded H2 db then should I create tables to store user, clients and scope, etc? If yes how can I get db structure for all tables?
Solution 1:[1]
You can let the container create the admin user by providing the environment variables KEYCLOAK_USER and KEYCLOAK_PASSWORD:
docker run -e KEYCLOAK_USER=<USERNAME> -e KEYCLOAK_PASSWORD=<PASSWORD> jboss/keycloak
Or add the account to an existing container( Service or container restart required afterwards) with:
docker exec <CONTAINER> /opt/jboss/keycloak/bin/add-user-keycloak.sh -u <USERNAME> -p <PASSWORD>
And either restart container
docker restart <container>
Or restart the service (@Madeo's answer)
docker exec -it <container> /opt/jboss/keycloak/bin/jboss-cli.sh --connect --command=:reload
The above commands come from the Keycloak Docker image page on Docker Hub.
Regarding your database question, you don't have to provide the tables by hand. You can refer to chapter 6 (§6.4, §6.5) of the Keycloak documentation for the details of how to configure a PostgreSQL DB.
Solution 2:[2]
- Open container bash console
cd /keycloak/bin
bash ./add-user-keycloak.sh -u admin
Enter desired password
Restart the container
Go to following URL for login
http://dockerIP:8080/auth/admin/
Solution 3:[3]
For Keycloak 17, you can use lynx locally to create the admin user:
lynx localhost:8080
Then just Tab to navigate fields and press Enter on the Create button:
Keycloak
Welcome to Keycloak
[user.png] Administration Console
Please create an initial admin user to get started.
Username ____________________
Password ____________________
Password confirmation ____________________
(BUTTON) Create
[user.png] Administration Console
Centrally manage all aspects of the Keycloak server
[admin-console.png] Documentation
User Guide, Admin REST API and Javadocs
[keycloak-project.png] Keycloak Project
[mail.png] Mailing List
[bug.png] Report an issue
JBoss and JBoss Community
Solution 4:[4]
The answer with docker is incomplete and it won't work
If you add the user via docker container you must restart jboss server
docker exec -it keycloak-container /opt/jboss/keycloak/bin/add-user-keycloak.sh -u admin -p admin
and then:
docker exec -it keycloak-container /opt/jboss/keycloak/bin/jboss-cli.sh --connect --command=:reload
Solution 5:[5]
This worked for me:
cd /opt/keycloak/bin
sudo ./add-user-keycloak.sh -u admin -p yourpass
Solution 6:[6]
None of the tips above worked. Finally I use Environment Variables:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
The full code of the docker-compose.yml:
version: '3'
volumes:
postgres_data:
driver: local
services:
postgres:
image: postgres
volumes:
- postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: password
keycloak:
image: quay.io/keycloak/keycloak:17.0.1
environment:
DB_VENDOR: POSTGRES
DB_ADDR: postgres
DB_DATABASE: keycloak
DB_USER: keycloak
DB_SCHEMA: public
DB_PASSWORD: password
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: admin
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
entrypoint: ["/opt/keycloak/bin/kc.sh", "start-dev"]
ports:
- 8080:8080
depends_on:
- postgres
Solution 7:[7]
Open 'keycloak.conf' file from Keycloak folder (in my case keycloak-18.0.0/conf)
db-username=postgres
db-password=password
db-url=jdbc:postgresql://yourhostname:5432/keycloak-db-name
If you start keycloak service, postgres DB will be created automatically
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | |
| Solution 2 | NearHuscarl |
| Solution 3 | Paul |
| Solution 4 | Matteo |
| Solution 5 | Koushik Roy |
| Solution 6 | Hernaldo Gonzalez |
| Solution 7 | Emi OB |