Skip to content

Instantly share code, notes, and snippets.

@dmartinol

dmartinol/RHSSO-wrong-admin-password.md

Last active August 5, 2022 10:41
Show Gist options
  • Save dmartinol/e3f2bf7e42833d1b93a754e498ade2e7 to your computer and use it in GitHub Desktop.
Save dmartinol/e3f2bf7e42833d1b93a754e498ade2e7 to your computer and use it in GitHub Desktop.
Download ZIP
#rhsso #openshift #operator RHSSO wrong admin password
Raw
RHSSO-wrong-admin-password.md

Workaround for wrong admin password with RHSSO

Scenario

  • RHSSO installed using the (legacy) RH Single Sign-On operator version 7.x on OpenShift
  • You install the RHSSO instance several times using the same database
    • Typical use case: deployment with helm install and then helm upgrade

Symptom

  • All login attempts to the RHSSO console fail with Invalid username or password error message
  • As a side effect, the RHSSO operator might not be able to reconcile the updated custom resources with the RHSSO configuration, with Invalid user credentials error

Rout cause

A new password is generated in the ADMIN_PASSWORD property of the credential-rhsso Secret for the admin user, but the DB record storing the credential information for this user is not updated with the same data.

Workaround

Follow these instructions to reset the password for the admin user:

  • In the RHSSO namespace, open the terminal console for the Pod keycloak-0
  • Run these commands to create a test user with password test123:
/opt/eap/bin/add-user-keycloak.sh -u test -p test123
/opt/eap/bin/jboss-cli.sh --connect --command=reload
  • Login to the RHSSO console with the new test/test123 credentials
  • Reset the password of the admin user in the Master realm to match the value of the ADMIN_PASSWORD property in the credential-rhsso Secret
  • At the end, you can delete the test user in the Master realm
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment