Admin user/password from environment variables is broken #10421
Comments
Additional info:
So while checking if the user exists, there seems to be no additional character at the username "admin". Hope this helps.
That's really weird. I've just overhauled the OpenShift quickstart and deploying the yaml to CRC (OpenShift 4.7) worked like a charm. Also logging in with the credentials set by env vars, for sure. Also @andreaTP and @vmuzikar are using minikube for the operator tests afaik and it works there. So my best guess is this has something to do with the local environment of yours, but not sure without more info. Would be great if you could show us e.g. configuration / yaml / or more generally give us steps to reproduce this. Thank you.
Hi @Brezensalzer, I have just developed integration tests on this subject; you can have a look at those here: #10661 The
The only additional question I have is about special characters, given e.g. #9519 you might need to properly escape special characters.
Thank you for your answers! @andreaTP
@Brezensalzer have a quick recovery! In this case everything should work and is tested in CI, if it doesn't, we should find the missing invariant.
Mystery solved... It depends on how the secret (base64 string) for OpenShift is created on the Linux shell:
The base64 string does contain a '\n' which was inserted by the echo command!
The echo option "-n" omits the '\n'; the base64 string is now correct.
This different behavior is not a bug, but it should be documented to warn others about this nasty pitfall...
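The pitfall described in the comment above, as an added example that is not part of the original thread: it encodes a value with and without the newline that `echo` appends, and checks base64 secret values for a trailing line break. It assumes GNU coreutils `base64`; the function names and the sample secret data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue thread). Function names are hypothetical.

# Encode a value the way plain `echo` does: a '\n' is appended before encoding.
encode_with_echo() { echo "$1" | base64; }

# Encode exactly the bytes given. printf '%s' never appends a newline and,
# unlike `echo -n`, behaves the same in every POSIX shell.
encode_exact() { printf '%s' "$1" | base64; }

# Return 0 if the decoded value ends in LF or CR, 1 otherwise.
# Command substitution would strip trailing newlines, so the last raw byte
# is inspected as hex instead of being captured as text.
secret_has_trailing_newline() {
  last_byte=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
  [ "$last_byte" = "0a" ] || [ "$last_byte" = "0d" ]
}

# Read "key: base64value" lines (the shape of a Secret's data section) and
# print every key whose decoded value ends in a line break.
audit_secret_data() {
  while IFS=': ' read -r key value; do
    [ -n "$key" ] || continue
    if secret_has_trailing_newline "$value"; then
      printf '%s\n' "$key"
    fi
  done
}

# Constructed sample: the first value was encoded with plain `echo`,
# the second without the trailing newline.
SAMPLE_DATA='KEYCLOAK_ADMIN: YWRtaW4K
KEYCLOAK_ADMIN_PASSWORD: YWRtaW4='

echo "echo admin | base64        -> $(encode_with_echo admin)"
echo "printf %s admin | base64   -> $(encode_exact admin)"
echo "keys with trailing newline:"
printf '%s\n' "$SAMPLE_DATA" | audit_secret_data
```

The two encodings differ only in their last characters (`YWRtaW4K` versus `YWRtaW4=`), so the extra byte is easy to miss when reviewing a secret by eye.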
Thanks for the detailed explanation @Brezensalzer! I do consider "preserving the \n" the most correct behaviour, are you following any guide we should update to avoid this pitfall?
@andreaTP "correct behavior" ... almost a philosophical question ;-)
@Brezensalzer do you agree in closing this issue?
Yes, of course. We can close this issue.
Describe the bug
Version 17.0.0 Quarkus
Platform: OpenShift 4.x
Database: Postgresql (EDB) 12.x
When deploying keycloak in OpenShift, the admin user/password - as specified by KEYCLOAK_ADMIN/KEYCLOAK_ADMIN_PASSWORD environment variables - is saved with an additional character in the database. A login on the security console is not possible. The log says unknown user.
E.g. when using admin/admin, a check in the database gives no result:
select * from users_entity where username='admin'
But
select * from users_entity where username like 'admin%' gives a result.
Version
17.0.0
Expected behavior
login with admin_user/password is possible
Actual behavior
login is not possible, "unknown user"
How to Reproduce?
Deploy keycloak 17.0.0 in OpenShift or Kubernetes and set KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD to initial values.
Anything else?
No problems at all with 17.0.0-legacy.