JBoss adds user to wrong realm found in property files - java

I had JBoss installed a while ago so I eventually forgot the password and username used for managing it (I mean the management console on port 9990).
I tried to reset the password by running the add-user.sh script but messed it up and now every user I add is created in the admin realm:
Enter the details of the new user to add.
Using realm 'admin' as discovered from the existing property files.
I do not need this realm, I just need the admin user to manage JBoss (presumably, this is the Management realm).
I tried to do the following:
Removed the admin line from mgmt-users.properties and mgmt-groups.properties in the standalone/configuration and domain/configuration
Tried to find the 'admin' realm in standalone.xml and standalone-full.xml but to no avail.
My question is how to create/reset the password of admin in the Management at last?
Also, where can I find the existing property files that JBoss mentions and override it to make it use the Management realm instead?

Had to reinstall JBoss and the problem was gone.

Related

problem using a keycloak UserStorageProvider SPI

I have implemented a custom Keycloak UserStorageProvider SPI (following point 11 of the official doc: https://www.keycloak.org/docs/latest/server_development/index.html#_user-storage-spi) which does the following:
1. Authenticate users (not previously existing on the local store) against an external auth service.
2. Save the (successfully authenticated against our custom service) user into the Keycloak local store.
3. After the users have been imported into Keycloak's local store (after users successfully logged themselves in), the admins are then able to map roles to those users for resource authorization from Keycloak's admin console.
The problem I'm running into is the following: Steps 1 and 2 work perfectly. Regarding step 3, I can log in successfully with a user that was saved in Keycloak's local store (after finding it on the external UserProvider), BUT (and here lies the crux of the problem) as soon as I add any role to that imported user, I can't log in to that account anymore, and the logs show that my custom UserStorageProvider isn't being used anymore from that point onwards when logging in as that user. Somehow attaching a role to that user makes him invisible to my custom UserStorageProvider (even if I delete the role(s) again).
In the best case scenario I'm trying to achieve, I'd be able to "log in" with the user (saved locally after being authenticated from the external SPI), even after assigning roles to him.
Any feedback would be greatly appreciated!!
Thanks in advance for your suggestions.
In the case somebody has this problem in the future, when you implement a provider SPI, you have 2 options as the doc mentions. Federated Store and importing users to the local Keycloak store. If you go with the importing/synching strategy, it is necessary to set federation link to the provider like this:
<UserModel instance>.setFederationLink(<ComponentModel id>);
If you don't do this, then Keycloak can't "remember" that those imported users should be handled by your provider SPI, and in general you won't have the expected behaviour out of your custom Provider SPI.

JBoss Management Realm password not working

I am currently working with JBoss 6.2. I am trying to add a user so that I can access the Webconsole of Jboss. This is how I added a user :
[user@server bin]$ ./add-user.sh
What type of user do you wish to add?
a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)
(a):
Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username : adminuser
Password :
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: admin
About to add user 'adminuser' for realm 'ManagementRealm'
Is this correct yes/no? yes
Added user 'adminuser' to file '/local/jboss-eap-6.2/standalone/configuration/mgmt-users.properties'
Added user 'adminuser' to file '/local/jboss-eap-6.2/domain/configuration/mgmt-users.properties'
Added user 'adminuser' with groups admin to file '/local/jboss-eap-6.2/standalone/configuration/mgmt-groups.properties'
Added user 'adminuser' with groups admin to file '/local/jboss-eap-6.2/domain/configuration/mgmt-groups.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? no
[user@server bin]$
I have tried this a number of times but when I access the server using:
server:9001/console/
It does not log me in.
How can I troubleshoot this ? Are there any relevant logs I can look into ? I even restarted JBoss but it did not help.
I can see that the entry exists in mgmt-users.properties.
adminuser=e6f48b3bbae149b83f233b4351242604
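
An added example, not part of the original posts: entries in mgmt-users.properties have the form username=HEX(MD5(username ':' realm ':' password)), so the realm that add-user.sh reads from the file's `#$REALM_NAME=...$` marker line is baked into every digest. The script below checks a known password against a file body and tells a realm mismatch (as in the "Using realm 'admin'" question above) apart from a wrong password; the sample file, the password, the function names and the assumption that the server's security realm is called `ManagementRealm` are constructed for illustration.

```python
import hashlib
import re

DEFAULT_REALM = "ManagementRealm"  # assumed name of the <security-realm> in standalone.xml


def jboss_digest(user, realm, password):
    """HEX(MD5(username ':' realm ':' password)), the mgmt-users.properties format."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()


def parse_users_file(text):
    """Return (realm named by the #$REALM_NAME=...$ marker or None, {user: digest})."""
    marker = re.search(r"^#\$REALM_NAME=(.*?)\$", text, re.MULTILINE)
    users = {}
    for line in text.splitlines():
        line = line.strip()
        # Commented-out lines (including disabled users) are skipped.
        if line and not line.startswith("#") and "=" in line:
            name, digest = line.split("=", 1)
            users[name.strip()] = digest.strip().lower()
    return (marker.group(1) if marker else None), users


def diagnose(text, user, password, server_realm=DEFAULT_REALM):
    """Explain why a known password does or does not match the stored entry."""
    file_realm, users = parse_users_file(text)
    stored = users.get(user)
    if stored is None:
        return "no-such-user"
    if stored == jboss_digest(user, server_realm, password):
        return "ok"
    if file_realm and file_realm != server_realm:
        if stored == jboss_digest(user, file_realm, password):
            return "realm-mismatch"  # hashed under the realm named in the file
    return "wrong-password"


# Constructed sample: a file whose marker line names the realm 'admin'.
SAMPLE = (
    "#$REALM_NAME=admin$ This line is used by the add-user utility to identify "
    "the realm name already used in this file.\n"
    "adminuser=" + jboss_digest("adminuser", "admin", "Constructed-Pass1!") + "\n"
)

if __name__ == "__main__":
    print(diagnose(SAMPLE, "adminuser", "Constructed-Pass1!"))
```

A stored digest is password-equivalent for HTTP Digest authentication against that realm, so the properties files should stay readable only by the account that runs JBoss.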

Java application authentication using Active Directory

I am working on a third party Java application for which I need to authenticate its users using Active Directory.
This application is hosted on RHEL 6.5, and uses LDAP to authenticate with Windows Active Directory. The AD server has been set up, and is working fine with an earlier version of the application (which was configured to enable the integration).
For the newer version, the vendor has laid out some steps to modify/configure the application files to connect with the AD server, and which are expected to help us authenticate. After making required changes, we are only able to open the UI page, which does not accept the (correct) credentials, the page that helps us with application configuration is not accessible at all.
I am a newbie to this area, and as far as my understanding goes, I would just need to make the suggested changes, and not follow the steps presented in this document, as those are for authenticating the Linux users, and NOT the application's users. Could someone also please confirm the same.
Any help/guidance in this issue would be greatly appreciated.
Thanks very much!
Edit:
I am unable to provide details of the files as it is confidential property, but the changes have to be made in the server property files.
Kindly request more details if necessary, I will try my best to provide them as I can't disclose everything, citing confidentiality reasons.
Thank you very much.
Edit 2:
Have added more details with this edit, which are given below:
The application has one of its component as CAS, which is currently configured to use database as its authentication handler. When we enter the credentials - username: abcd, password: samplepswd, we are able to login successfully.
As the business requirement is that of authentication with Active Directory using LDAP, we have to modify the CAS properties file. As per instructions from the product vendor, we have changed the following properties to use ldap -
authenticationHandler.type=ldap
ldapSSLConfig.enabled=false
ldapContextSource.url=ldap://sample.ADserver.example.net:389
ldapContextSource.userDn=abcd
ldapContextSource.password=samplepswd
ldapAuthenticationHandler.filter=uid=%u
ldapAuthenticationHandler.searchBase=OU=DEF,OU=PQR,OU=XYZ,DC=ADserver,DC=example,DC=net
We also need to make changes in the casAuthConfig xml file for the following properties (as anonymous search is not supported):
1. anonymousReadOnly, value is set to false
2. java.naming.security.authentication, value is set to simple
There is provision to use ldap over SSL as well, but currently we are not using that.
However, if we do use SSL, additional changes have to be made to the following properties:
ldapSSLConfig.enabled=true
ldapSSLConfig.trustStorePath=/home/dir1/subdir1/subdir2/keystorename.keystore
ldapSSLConfig.trustStoreType=jceks
These are the only configuration changes done on our (client) side; and in fact the only changes done. Nothing has been added/modified on the server (AD server), except another user, but that has no impact on the existing setup.
After restarting cas to reflect the changes, we encounter the error of bad credentials, although the values entered are correct:
2015-09-16 12:12:30,558 INFO [com.emeter.cas.authentication.support.DelegatingAuthenticationHandler] - Authenticating credential using handler com.emeter.cas.adaptors.ldappwd.BindLdapAuthenticationHandler
2015-09-16 12:12:30,558 DEBUG [com.emeter.cas.authentication.support.DelegatingAuthenticationHandler] - credentials.getUsername() = abcd
2015-09-16 12:12:30,672 INFO [com.emeter.cas.adaptors.ldappwd.BindLdapAuthenticationHandler] - Search for cn=abcd returned 0 results.
2015-09-16 12:12:30,672 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: com.emeter.cas.authentication.support.DelegatingAuthenticationHandler failed to authenticate the user which provided the following credentials: [username: abcd]
2015-09-16 12:12:30,676 ERROR [org.jasig.cas.integration.restlet.TicketResource] - error.authentication.credentials.bad
org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket_aroundBody10(CentralAuthenticationServiceImpl.java:423)
Can anybody please help with this issue? Or possibly point in the right direction?
Any help would be greatly appreciated.
Thank you.

wso2 identity server oauth userinfo no role

I have a WSO2 Identity server installed and I have written some Java code to get user information with OAuth 2. For this I am using OLTU. I have connected correctly and after negotiating the access_code, I ask for the userinfo endpoint like this:
https://<serverIP>:9443/oauth2/userinfo?schema=openid
I get user info correctly in JSON format:
{"email":"xxxx@xxx.aa","name":"xxx","family_name":"xx","preferred_username":"xxx","given_name":"xx"}
What I find is that no role information is returned. I have created some custom roles and assigned the users. They don't have any permissions assigned.
Do I have to configure anything in the server? The request has to be made in any other way? What am I doing wrong?
There are two ways to add this claim mapping. It depends on your requirement.
To get this done, you have to add a role claim mapping under the "http://wso2.org/oidc/claim" claim dialect. This can be done in the following ways:
Case 1: For a fresh WSO2IS before first startup
Go to the <IS_HOME>/repository/conf/claim-config.xml file.
Add the following configuration under <Dialect dialectURI="http://wso2.org/oidc/claim">:
<Claim>
<ClaimURI>Roles</ClaimURI>
<DisplayName>Roles</DisplayName>
<AttributeID>role</AttributeID>
<Description>role of the user</Description>
<DisplayOrder>10</DisplayOrder>
<SupportedByDefault />
</Claim>
Case 2: For already running server.
Login to the Identity server management console as admin user.
Click the Configure button to access the Configure menu
Click on http://wso2.org/oidc/claim Dialect.
Click on "Add New Claim Mapping" and set the above details.
(There you will get an error, which is a known issue. But the value will be stored. Then edit it again and set the Mapped Attribute again.)
Then restart the server. Now you can get user info with roles.

Default glassfish 4.0 password in netbeans

Well, more than a question this is an answer, I was trying to see for Glassfish 4.0 default admin password to access its console but I didn't find any satisfactory answer, some suggested to change admin-keyfile on glassfish folder which can also work... anyhow... here it is how I did it...
well, it turns out that it HAS a default password in the most recent version of netbeans, I discovered that it is self-generated and it's not generic, to see your password go to services tab and then right click on your glassfish 4.0 server, then choose properties and then you'll see your password stored there on the common tab, click on show and you'll have your password...
hope to help you guys!
[root@ip-172-31-20-218 bin]# ./asadmin change-admin-password
Enter admin user name [default: admin]>admin
Enter the admin password>**[Note: as default password for admin in Glassfish 4.0 is blank, you need to press enter key only. Do not type any thing.]**
Enter the new admin password>
Enter the new admin password again>
Command change-admin-password executed successfully.
I have used eclipse. I got the same issue I resolved it by doing the following.
For a fresh download of glassfish4.zip
Go to Glassfish_home/bin
Run asadmin start-domain
Open up http://localhost:4848
Click on Domain
Click on Administration Password
Give the new password and confirm
In the command prompt run asadmin stop-domain
Open the server in eclipse and give the username and password and start the server.
I faced the same problem. And I solved it using a small trick. I removed the server installed with NetBeans from the interface and then added another. When you do this you may create a personal domain. And in this personal domain the anonymous login is already enabled, with no password at all.
I know this is not a good solution, but it is a solution nonetheless.
Hope it helps!
PS: At least in my NetBeans 7.4 for Linux, sometimes when I leave NetBeans the servers won't go down. Then you have to kill their processes, or else you won't manage to install another due to port conflicts. It's a tricky thing to find the process of the server. When you use "ps -A" the name of the process is only "java", with no clue it is the server.
As I know default glassfish password is 'changeit' for master admin and is empty for domain admin (with login admin by default). If you mean this password try this.
