From 4970a9b7293359bb813accb16e12d4938d1928f5 Mon Sep 17 00:00:00 2001
From: Steven Hawkins
Date: Thu, 11 Jul 2024 12:07:57 -0400
Subject: [PATCH] fix: deprecate KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD
closes: #30658
Signed-off-by: Steve Hawkins
Signed-off-by: Steven Hawkins
Co-authored-by: Jon Koops
---
.github/workflows/js-ci.yml | 8 ++++----
.../topics/assembly-creating-first-admin.adoc | 6 +++---
.../upgrading/topics/changes/changes-26_0_0.adoc | 4 ++++
.../getting-started-openshift.adoc | 4 ++--
.../templates/start-keycloak-container.adoc | 2 +-
.../examples/generated/keycloak-ispn.yaml | 4 ++--
.../examples/generated/keycloak.yaml | 4 ++--
docs/guides/migration/migrating-to-quarkus.adoc | 2 +-
docs/guides/server/configuration.adoc | 2 +-
docs/guides/server/containers.adoc | 16 ++++++++--------
js/apps/keycloak-server/scripts/start-server.js | 4 ++--
.../it/cli/dist/BuildAndStartDistTest.java | 8 ++++----
.../org/keycloak/it/cli/dist/FipsDistTest.java | 8 ++++----
.../keycloak/it/cli/dist/HostnameV1DistTest.java | 2 +-
.../it/cli/dist/ProxyHostnameV1DistTest.java | 2 +-
.../it/cli/dist/ProxyHostnameV2DistTest.java | 2 +-
.../services/resources/WelcomeResource.java | 2 +-
.../server/EmbeddedKeycloakTestServer.java | 6 +++---
...KeycloakQuarkusServerDeployableContainer.java | 4 ++--
.../resources/theme/keycloak/welcome/index.ftl | 2 +-
20 files changed, 48 insertions(+), 44 deletions(-)
diff --git a/.github/workflows/js-ci.yml b/.github/workflows/js-ci.yml
index 1fbdeb57ad..b61c99e1e7 100644
--- a/.github/workflows/js-ci.yml
+++ b/.github/workflows/js-ci.yml
@@ -174,8 +174,8 @@ jobs: tar xfvz keycloak-999.0.0-SNAPSHOT.tar.gz keycloak-999.0.0-SNAPSHOT/bin/kc.sh start-dev --features=transient-users,oid4vc-vci &> ~/server.log & env: - KEYCLOAK_ADMIN: admin - KEYCLOAK_ADMIN_PASSWORD: admin + KC_BOOTSTRAP_ADMIN_USERNAME: admin + KC_BOOTSTRAP_ADMIN_PASSWORD: admin - name: Install Playwright browsers run: pnpm --fail-if-no-match --filter ${{ env.WORKSPACE }} exec playwright install --with-deps @@ -268,8 +268,8 @@ jobs: tar xfvz keycloak-999.0.0-SNAPSHOT.tar.gz keycloak-999.0.0-SNAPSHOT/bin/kc.sh start-dev --features=admin-fine-grained-authz,transient-users &> ~/server.log & env: - KEYCLOAK_ADMIN: admin - KEYCLOAK_ADMIN_PASSWORD: admin + KC_BOOTSTRAP_ADMIN_USERNAME: admin + KC_BOOTSTRAP_ADMIN_PASSWORD: admin - name: Start LDAP server run: pnpm --fail-if-no-match --filter ${{ env.WORKSPACE }} cy:ldap-server & diff --git a/docs/documentation/server_admin/topics/assembly-creating-first-admin.adoc b/docs/documentation/server_admin/topics/assembly-creating-first-admin.adoc index 1cb5a28619..64c9131198 100644 --- a/docs/documentation/server_admin/topics/assembly-creating-first-admin.adoc +++ b/docs/documentation/server_admin/topics/assembly-creating-first-admin.adoc @@ -19,13 +19,13 @@ image:images/initial-welcome-page.png[Welcome page] === Creating the account remotely -If you cannot access the server from a `localhost` address or just want to start {project_name} from the command line, use the `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD` environment variables to create an initial admin account. +If you cannot access the server from a `localhost` address or just want to start {project_name} from the command line, use the `KC_BOOTSTRAP_ADMIN_USERNAME` and `KC_BOOTSTRAP_ADMIN_PASSWORD` environment variables to create an initial admin account. For example: [source,bash] ---- -export KEYCLOAK_ADMIN= -export KEYCLOAK_ADMIN_PASSWORD= +export KC_BOOTSTRAP_ADMIN_USERNAME= +export KC_BOOTSTRAP_ADMIN_PASSWORD= bin/kc.[sh|bat] start ---- 
diff --git a/docs/documentation/upgrading/topics/changes/changes-26_0_0.adoc b/docs/documentation/upgrading/topics/changes/changes-26_0_0.adoc index 242b572f0d..3684e6b6c4 100644 --- a/docs/documentation/upgrading/topics/changes/changes-26_0_0.adoc +++ b/docs/documentation/upgrading/topics/changes/changes-26_0_0.adoc @@ -75,3 +75,7 @@ If you are migrating from previous versions where any of the following settings * `connectionPoolingDebug` For more details, see link:{adminguide_link}#_ldap_connection_pool[Configuring the connection pool]. + += Admin Bootstrapping + +The environment variables `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD` have been deprecated. You should use `KC_BOOTSTRAP_ADMIN_USERNAME` and `KC_BOOTSTRAP_ADMIN_PASSWORD` instead. These are also general options, so they may be specified via the cli or other config sources, for example `--bootstrap-admin-username=admin`. \ No newline at end of file diff --git a/docs/guides/getting-started/getting-started-openshift.adoc b/docs/guides/getting-started/getting-started-openshift.adoc index 8b341d3ec7..7aac267397 100644 --- a/docs/guides/getting-started/getting-started-openshift.adoc +++ b/docs/guides/getting-started/getting-started-openshift.adoc @@ -51,8 +51,8 @@ oc new-project keycloak [source,bash,subs="attributes+"] ---- oc process -f https://raw.githubusercontent.com/keycloak/keycloak-quickstarts/latest/openshift/keycloak.yaml \ - -p KEYCLOAK_ADMIN=admin \ - -p KEYCLOAK_ADMIN_PASSWORD=admin \ + -p KC_BOOTSTRAP_ADMIN_USERNAME=admin \ + -p KC_BOOTSTRAP_ADMIN_PASSWORD=admin \ -p NAMESPACE=keycloak \ | oc create -f - ---- diff --git a/docs/guides/getting-started/templates/start-keycloak-container.adoc b/docs/guides/getting-started/templates/start-keycloak-container.adoc index c67ff16a72..f66392974d 100644 --- a/docs/guides/getting-started/templates/start-keycloak-container.adoc +++ b/docs/guides/getting-started/templates/start-keycloak-container.adoc 
@@ -4,7 +4,7 @@ From a terminal, enter the following command to start {project_name}: [source,bash,subs="attributes+"] ---- -{containerCommand} run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:{version} start-dev +{containerCommand} run -p 8080:8080 -e KC_BOOTSTRAP_ADMIN_USERNAME=admin -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:{version} start-dev ---- This command starts {project_name} exposed on the local port 8080 and creates an initial admin user with the username `admin` diff --git a/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml b/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml index 14f94e6218..8197e5f828 100644 --- a/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml +++ b/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml @@ -496,13 +496,13 @@ spec: containers: - env: # We want to have an externally provided username and password, therefore, we override those two environment variables - - name: KEYCLOAK_ADMIN + - name: KC_BOOTSTRAP_ADMIN_USERNAME valueFrom: secretKeyRef: name: keycloak-preconfigured-admin key: username optional: false - - name: KEYCLOAK_ADMIN_PASSWORD + - name: KC_BOOTSTRAP_ADMIN_PASSWORD valueFrom: secretKeyRef: name: keycloak-preconfigured-admin diff --git a/docs/guides/high-availability/examples/generated/keycloak.yaml b/docs/guides/high-availability/examples/generated/keycloak.yaml index edf05f628f..b8c9aa235f 100644 --- a/docs/guides/high-availability/examples/generated/keycloak.yaml +++ b/docs/guides/high-availability/examples/generated/keycloak.yaml 
@@ -469,13 +469,13 @@ spec: containers: - env: # We want to have an externally provided username and password, therefore, we override those two environment variables - - name: KEYCLOAK_ADMIN + - name: KC_BOOTSTRAP_ADMIN_USERNAME valueFrom: secretKeyRef: name: keycloak-preconfigured-admin key: username optional: false - - name: KEYCLOAK_ADMIN_PASSWORD + - name: KC_BOOTSTRAP_ADMIN_PASSWORD valueFrom: secretKeyRef: name: keycloak-preconfigured-admin diff --git a/docs/guides/migration/migrating-to-quarkus.adoc b/docs/guides/migration/migrating-to-quarkus.adoc index ff098d5382..18fd1dc666 100644 --- a/docs/guides/migration/migrating-to-quarkus.adoc +++ b/docs/guides/migration/migrating-to-quarkus.adoc @@ -49,7 +49,7 @@ However, there is also an auto build mode that makes Keycloak behave more or les The Keycloak Wildfly distribution contained scripts named `add-user-keycloak.sh` to add initial users to Keycloak. These are no longer included in the Quarkus distribution. -To add the initial admin user, set the environment variables `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD` for the username and password of the user. +To add the initial admin user, set the environment variables `KC_BOOTSTRAP_ADMIN_USERNAME` and `KC_BOOTSTRAP_ADMIN_PASSWORD` for the username and password of the user. Keycloak uses them at the first startup to create an initial user with administration rights. Once the first user with administrative rights exists, use the command line tool `kcadm.sh` (Linux) or `kcadm.bat` (Windows) to create additional users. diff --git a/docs/guides/server/configuration.adoc b/docs/guides/server/configuration.adoc index 33b6a7629d..7b59f5122a 100644 --- a/docs/guides/server/configuration.adoc +++ b/docs/guides/server/configuration.adoc 
@@ -194,7 +194,7 @@ Before deploying {project_name} in a production environment, make sure to follow By default, example configuration options for the production mode are commented out in the default `conf/keycloak.conf` file. These options give you an idea about the main configuration to consider when running {project_name} in production. == Creating the initial admin user -You can create the initial admin user by using the web frontend, which you access using a local connection (localhost). You can instead create this user by using environment variables. Set `KEYCLOAK_ADMIN=__` for the initial admin username and `KEYCLOAK_ADMIN_PASSWORD=__` for the initial admin password. +You can create the initial admin user by using the web frontend, which you access using a local connection (localhost). You can instead create this user by using environment variables. Set `KC_BOOTSTRAP_ADMIN_USERNAME=__` for the initial admin username and `KC_BOOTSTRAP_ADMIN_PASSWORD=__` for the initial admin password. {project_name} parses these values at first startup to create an initial user with administrative rights. Once the first user with administrative rights exists, you can use the Admin Console or the command line tool `kcadm.[sh|bat]` to create additional users. diff --git a/docs/guides/server/containers.adoc b/docs/guides/server/containers.adoc index be2cdc0164..4fc420b0f0 100644 --- a/docs/guides/server/containers.adoc +++ b/docs/guides/server/containers.adoc @@ -134,7 +134,7 @@ To start the image, run: [source, bash] ---- podman|docker run --name mykeycloak -p 8443:8443 -p 9000:9000 \ - -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me \ + -e KC_BOOTSTRAP_ADMIN_USERNAME=admin -e KC_BOOTSTRAP_ADMIN_PASSWORD=change_me \ mykeycloak \ start --optimized ---- 
@@ -155,7 +155,7 @@ If you want to expose the container using a different port, you need to set the [source, bash] ---- podman|docker run --name mykeycloak -p 3000:8443 \ - -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me \ + -e KC_BOOTSTRAP_ADMIN_USERNAME=admin -e KC_BOOTSTRAP_ADMIN_PASSWORD=change_me \ mykeycloak \ start --optimized --hostname-port=3000 ---- @@ -169,7 +169,7 @@ You use the `start-dev` command: [source,bash,subs="attributes+"] ---- podman|docker run --name mykeycloak -p 8080:8080 \ - -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me \ + -e KC_BOOTSTRAP_ADMIN_USERNAME=admin -e KC_BOOTSTRAP_ADMIN_PASSWORD=change_me \ quay.io/keycloak/keycloak:{containerlabel} \ start-dev ---- @@ -188,7 +188,7 @@ For example: [source,bash,subs="attributes+"] ---- podman|docker run --name mykeycloak -p 8080:8080 \ - -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me \ + -e KC_BOOTSTRAP_ADMIN_USERNAME=admin -e KC_BOOTSTRAP_ADMIN_PASSWORD=change_me \ quay.io/keycloak/keycloak:{containerlabel} \ start \ --db=postgres --features=token-exchange \ @@ -208,10 +208,10 @@ This approach significantly increases startup time and creates an image that is [source, bash] ---- # setting the admin username --e KEYCLOAK_ADMIN= +-e KC_BOOTSTRAP_ADMIN_USERNAME= # setting the initial password --e KEYCLOAK_ADMIN_PASSWORD=change_me +-e KC_BOOTSTRAP_ADMIN_PASSWORD=change_me ---- == Importing A Realm On Startup @@ -221,7 +221,7 @@ The {project_name} containers have a directory `/opt/keycloak/data/import`. If y [source,bash,subs="attributes+"] ---- podman|docker run --name keycloak_unoptimized -p 8080:8080 \ - -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me \ + -e KC_BOOTSTRAP_ADMIN_USERNAME=admin -e KC_BOOTSTRAP_ADMIN_PASSWORD=change_me \ -v /path/to/realm/data:/opt/keycloak/data/import \ quay.io/keycloak/keycloak:{containerlabel} \ start-dev --import-realm 
@@ -250,7 +250,7 @@ For example, you can specify the environment variable and memory limit as follow [source,bash,subs="attributes+"] ---- podman|docker run --name mykeycloak -p 8080:8080 -m 1g \ - -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me \ + -e KC_BOOTSTRAP_ADMIN_USERNAME=admin -e KC_BOOTSTRAP_ADMIN_PASSWORD=change_me \ -e JAVA_OPTS_KC_HEAP="-XX:MaxHeapFreeRatio=30 -XX:MaxRAMPercentage=65" \ quay.io/keycloak/keycloak:{containerlabel} \ start-dev diff --git a/js/apps/keycloak-server/scripts/start-server.js b/js/apps/keycloak-server/scripts/start-server.js index 6e2014082f..d1cf03a931 100755 --- a/js/apps/keycloak-server/scripts/start-server.js +++ b/js/apps/keycloak-server/scripts/start-server.js @@ -37,8 +37,8 @@ async function startServer() { await downloadServer(scriptArgs.local); const env = { - KEYCLOAK_ADMIN: ADMIN_USERNAME, - KEYCLOAK_ADMIN_PASSWORD: ADMIN_PASSWORD, + KC_BOOTSTRAP_ADMIN_USERNAME: ADMIN_USERNAME, + KC_BOOTSTRAP_ADMIN_PASSWORD: ADMIN_PASSWORD, ...process.env, }; diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/BuildAndStartDistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/BuildAndStartDistTest.java index 8a2c5c3fcb..831dc28a7c 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/BuildAndStartDistTest.java +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/BuildAndStartDistTest.java 
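Review bot: In `startServer`, `...process.env` is spread after the two `KC_BOOTSTRAP_ADMIN_*` defaults, so a `KEYCLOAK_ADMIN` / `KEYCLOAK_ADMIN_PASSWORD` pair still exported in a developer's shell or CI job is passed to the server alongside the new names. Which pair the server honours in that case is not visible from this script, so the admin account that gets created may not match the `ADMIN_USERNAME` / `ADMIN_PASSWORD` constants. A short comment on the object would make that explicit, e.g. `// process.env wins over these defaults; deprecated KEYCLOAK_ADMIN* values are passed through unchanged`. `startServer` continues outside the hunk.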
@@ -69,14 +69,14 @@ public class BuildAndStartDistTest { } @Test - @WithEnvVars({"KEYCLOAK_ADMIN", "admin123", "KEYCLOAK_ADMIN_PASSWORD", "admin123"}) + @WithEnvVars({"KC_BOOTSTRAP_ADMIN_USERNAME", "admin123", "KC_BOOTSTRAP_ADMIN_PASSWORD", "admin123"}) @Launch({"start-dev"}) void testCreateAdmin(KeycloakDistribution dist, LaunchResult result) { assertAdminCreation(dist, result, "admin123", "admin123", "admin123"); } @Test - @WithEnvVars({"KEYCLOAK_ADMIN", "admin123", "KEYCLOAK_ADMIN_PASSWORD", "admin123"}) + @WithEnvVars({"KC_BOOTSTRAP_ADMIN_USERNAME", "admin123", "KC_BOOTSTRAP_ADMIN_PASSWORD", "admin123"}) @Launch({"start-dev"}) void testCreateDifferentAdmin(KeycloakDistribution dist, LaunchResult result) { assertAdminCreation(dist, result, "admin123", "new-admin", "new-admin"); @@ -86,8 +86,8 @@ public class BuildAndStartDistTest { assertTrue(result.getOutput().contains("Created temporary admin user with username " + initialUsername), () -> "The Output:\n" + result.getOutput() + "doesn't contains the expected string."); - dist.setEnvVar("KEYCLOAK_ADMIN", nextUsername); - dist.setEnvVar("KEYCLOAK_ADMIN_PASSWORD", password); + dist.setEnvVar("KC_BOOTSTRAP_ADMIN_USERNAME", nextUsername); + dist.setEnvVar("KC_BOOTSTRAP_ADMIN_PASSWORD", password); CLIResult cliResult = dist.run("start-dev", "--log-level=org.keycloak.services:debug"); cliResult.assertNoMessage("Added temporary admin user '"); diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FipsDistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FipsDistTest.java index d2630e935d..2b90cb9611 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FipsDistTest.java +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FipsDistTest.java 
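Review bot: With every `@WithEnvVars` and `dist.setEnvVar` call in BuildAndStartDistTest switched to `KC_BOOTSTRAP_ADMIN_USERNAME` / `KC_BOOTSTRAP_ADMIN_PASSWORD`, nothing visible in this patch still starts the server with the deprecated `KEYCLOAK_ADMIN` / `KEYCLOAK_ADMIN_PASSWORD` pair. The commit deprecates those names rather than removing them, so an upgrade that keeps the old variables relies on a path no test here exercises, and a regression there could leave a deployment without the bootstrap admin it expects. I would keep one case on the old names, e.g. a copy of `testCreateAdmin` annotated `@WithEnvVars({"KEYCLOAK_ADMIN", "admin123", "KEYCLOAK_ADMIN_PASSWORD", "admin123"})`, and assert any deprecation warning the server prints. The same applies to the FipsDistTest, HostnameV1DistTest, ProxyHostnameV1DistTest and ProxyHostnameV2DistTest hunks; the class bodies continue outside the hunks.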
@@ -50,8 +50,8 @@ public class FipsDistTest { @Test void testFipsApprovedModePasswordFails(KeycloakDistribution dist) { runOnFipsEnabledDistribution(dist, () -> { - dist.setEnvVar("KEYCLOAK_ADMIN", "admin"); - dist.setEnvVar("KEYCLOAK_ADMIN_PASSWORD", "admin"); + dist.setEnvVar("KC_BOOTSTRAP_ADMIN_USERNAME", "admin"); + dist.setEnvVar("KC_BOOTSTRAP_ADMIN_PASSWORD", "admin"); CLIResult cliResult = dist.run("start", "--fips-mode=strict"); cliResult.assertStarted(); @@ -65,8 +65,8 @@ public class FipsDistTest { @Test void testFipsApprovedModePasswordSucceeds(KeycloakDistribution dist) { runOnFipsEnabledDistribution(dist, () -> { - dist.setEnvVar("KEYCLOAK_ADMIN", "admin"); - dist.setEnvVar("KEYCLOAK_ADMIN_PASSWORD", "adminadminadmin"); + dist.setEnvVar("KC_BOOTSTRAP_ADMIN_USERNAME", "admin"); + dist.setEnvVar("KC_BOOTSTRAP_ADMIN_PASSWORD", "adminadminadmin"); CLIResult cliResult = dist.run("start", "--fips-mode=strict"); cliResult.assertStarted(); diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HostnameV1DistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HostnameV1DistTest.java index d0176b5fad..729ff7a63e 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HostnameV1DistTest.java +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HostnameV1DistTest.java @@ -39,7 +39,7 @@ import static io.restassured.RestAssured.when; import static org.hamcrest.MatcherAssert.assertThat; @DistributionTest(keepAlive = true, enableTls = true, defaultOptions = { "--http-enabled=true", "--features=hostname:v1" }) -@WithEnvVars({"KEYCLOAK_ADMIN", "admin123", "KEYCLOAK_ADMIN_PASSWORD", "admin123"}) +@WithEnvVars({"KC_BOOTSTRAP_ADMIN_USERNAME", "admin123", "KC_BOOTSTRAP_ADMIN_PASSWORD", "admin123"}) @RawDistOnly(reason = "Containers are immutable") public class HostnameV1DistTest { 
diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyHostnameV1DistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyHostnameV1DistTest.java index 0c0d2e088a..ac99ebbd0c 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyHostnameV1DistTest.java +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyHostnameV1DistTest.java @@ -35,7 +35,7 @@ import static io.restassured.RestAssured.when; import static org.hamcrest.Matchers.containsString; @DistributionTest(keepAlive = true, enableTls = true, defaultOptions = "--features=hostname:v1") -@WithEnvVars({"KEYCLOAK_ADMIN", "admin123", "KEYCLOAK_ADMIN_PASSWORD", "admin123"}) +@WithEnvVars({"KC_BOOTSTRAP_ADMIN_USERNAME", "admin123", "KC_BOOTSTRAP_ADMIN_PASSWORD", "admin123"}) @RawDistOnly(reason = "Containers are immutable") public class ProxyHostnameV1DistTest { diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyHostnameV2DistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyHostnameV2DistTest.java index 40df15c53f..9fa5cdb488 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyHostnameV2DistTest.java +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyHostnameV2DistTest.java @@ -35,7 +35,7 @@ import static io.restassured.RestAssured.when; import static org.hamcrest.Matchers.containsString; @DistributionTest(keepAlive = true, enableTls = true) -@WithEnvVars({"KEYCLOAK_ADMIN", "admin123", "KEYCLOAK_ADMIN_PASSWORD", "admin123"}) +@WithEnvVars({"KC_BOOTSTRAP_ADMIN_USERNAME", "admin123", "KC_BOOTSTRAP_ADMIN_PASSWORD", "admin123"}) @RawDistOnly(reason = "Containers are immutable") public class ProxyHostnameV2DistTest { 
diff --git a/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java b/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java index 9060fc26d8..b36a81f876 100755 --- a/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java +++ b/services/src/main/java/org/keycloak/services/resources/WelcomeResource.java @@ -249,7 +249,7 @@ public class WelcomeResource { } protected String getAdminCreationMessage() { - return "or set the environment variables KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD before starting the server"; + return "or set the environment variables KC_BOOTSTRAP_ADMIN_USERNAME and KC_BOOTSTRAP_ADMIN_PASSWORD before starting the server"; } private boolean shouldBootstrap() { diff --git a/test-poc/framework/src/main/java/org/keycloak/test/framework/server/EmbeddedKeycloakTestServer.java b/test-poc/framework/src/main/java/org/keycloak/test/framework/server/EmbeddedKeycloakTestServer.java index 98f54299bf..45667b29ca 100644 --- a/test-poc/framework/src/main/java/org/keycloak/test/framework/server/EmbeddedKeycloakTestServer.java +++ b/test-poc/framework/src/main/java/org/keycloak/test/framework/server/EmbeddedKeycloakTestServer.java @@ -13,9 +13,6 @@ public class EmbeddedKeycloakTestServer implements KeycloakTestServer { @Override public void start(KeycloakTestServerConfig serverConfig) { - serverConfig.adminUserName().ifPresent(username -> System.setProperty("keycloakAdmin", username)); - serverConfig.adminUserPassword().ifPresent(password -> System.setProperty("keycloakAdminPassword", password)); - List rawOptions = new LinkedList<>(); rawOptions.add("start-dev"); // rawOptions.add("--db=dev-mem"); // TODO With dev-mem there's an issue as the H2 DB isn't stopped when restarting embedded server 
@@ -24,6 +21,9 @@ public class EmbeddedKeycloakTestServer implements KeycloakTestServer { if (!serverConfig.features().isEmpty()) { rawOptions.add("--features=" + String.join(",", serverConfig.features())); } + + serverConfig.adminUserName().ifPresent(username -> rawOptions.add("--bootstrap-admin-username=" + username)); + serverConfig.adminUserPassword().ifPresent(password -> rawOptions.add("--bootstrap-admin-password=" + password)); serverConfig.options().forEach((key, value) -> rawOptions.add("--" + key + "=" + value)); diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/KeycloakQuarkusServerDeployableContainer.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/KeycloakQuarkusServerDeployableContainer.java index 2a4068f886..244af6061d 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/KeycloakQuarkusServerDeployableContainer.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/KeycloakQuarkusServerDeployableContainer.java @@ -151,8 +151,8 @@ public class KeycloakQuarkusServerDeployableContainer extends AbstractQuarkusDep } if (!StoreProvider.JPA.equals(StoreProvider.getCurrentProvider())) { - builder.environment().put("KEYCLOAK_ADMIN", "admin"); - builder.environment().put("KEYCLOAK_ADMIN_PASSWORD", "admin"); + builder.environment().put("KC_BOOTSTRAP_ADMIN_USERNAME", "admin"); + builder.environment().put("KC_BOOTSTRAP_ADMIN_PASSWORD", "admin"); } if (restart.compareAndSet(false, true)) { diff --git a/themes/src/main/resources/theme/keycloak/welcome/index.ftl b/themes/src/main/resources/theme/keycloak/welcome/index.ftl index 2ee671a33b..4f5bc30a17 100755 --- a/themes/src/main/resources/theme/keycloak/welcome/index.ftl +++ b/themes/src/main/resources/theme/keycloak/welcome/index.ftl @@ -110,7 +110,7 @@ <#else> -
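Review bot: `rawOptions.add("--bootstrap-admin-password=" + password)` in `start` puts the admin password into the option list as plain text, whereas the removed `System.setProperty` calls kept it out of the argument list. If `rawOptions` is ever logged or echoed in a startup error (not visible in this hunk), the credential ends up in test output, so a comment such as `// rawOptions carries the bootstrap admin password; never log the list verbatim` is worth adding above the two lines. Because `serverConfig.options()` is appended afterwards, a config that also sets `bootstrap-admin-password` there produces the option twice, and which value wins is not visible here. The body of `start` begins and ends outside this hunk.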

To create the administrative user open ${localAdminUrl}, or set the environment variables KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD when starting the server.

+

To create the administrative user open ${localAdminUrl}, or set the environment variables KC_BOOTSTRAP_ADMIN_USERNAME and KC_BOOTSTRAP_ADMIN_PASSWORD when starting the server.