kcadm.sh is the admin CLI for Keycloak; most administrative operations can be performed with this script. Download the Keycloak release archive; kcadm.sh is inside it.
wget https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-24.0.1.tar.gz
Extract keycloak-24.0.1.tar.gz
tar zxvf keycloak-24.0.1.tar.gz
Move to the bin folder
cd keycloak-24.0.1/bin
Run kcadm.sh
Optional: Run Keycloak on Docker
If you don't have a Keycloak instance ready for testing, you can spin one up using Docker
docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:24.0.1 start-dev
Login to Keycloak as Admin
Replace KEYCLOAK_URL, KEYCLOAK_REALM, KEYCLOAK_USER and _KEYCLOAK_PASSWORD with your real values
./kcadm.sh config credentials --server "$KEYCLOAK_URL" --realm "$KEYCLOAK_REALM" --user "$KEYCLOAK_USER" --password "$_KEYCLOAK_PASSWORD"
# example
./kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password admin
Output after a successful login
Logging into http://localhost:8080 as user admin of realm master
# failed output
Logging into http://localhost:8080 as user admin of realm master
Invalid user credentials [invalid_grant]
After login, Keycloak stores the token in the file $HOME/.keycloak/kcadm.config
Update User Password
To update the admin user's password, run
# use more secure password
./kcadm.sh set-password -r master --username admin --new-password "S3CUREPASS123456"
There is no output at all if the password change succeeds. Now try logging in with the new password
$ ./kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password "S3CUREPASS123456"
Logging into http://localhost:8080 as user admin of realm master
Shell Script
To automate the process above, we can create a shell script that performs all the steps for us. Create a new file called update-pass-keycloak.sh with the following code
#!/usr/bin/env bash
# Script to update Keycloak Password

KEYCLOAK_URL="http://localhost:8080"
REALM="master"
USER="admin"
PASSWORD="admin"
NEW_PASSWORD="S3CUREPASS123456"
KCADM="/home/jack/keycloak-24.0.1/bin/kcadm.sh"

echo "Login to Keycloak"
$KCADM config credentials --server "$KEYCLOAK_URL" --realm "$REALM" --user "$USER" --password "$PASSWORD"
[ $? -eq 0 ] && echo "Login success" || exit 1

echo "Change the password"
$KCADM set-password -r "$REALM" --username "$USER" --new-password "$NEW_PASSWORD"
[ $? -eq 0 ] && echo "Password updated" || exit 1

echo "Login to Keycloak using new password"
$KCADM config credentials --server "$KEYCLOAK_URL" --realm "$REALM" --user "$USER" --password "$NEW_PASSWORD"
[ $? -eq 0 ] && echo "Login success" || exit 1
Give the file execute permission before running the script
chmod +x update-pass-keycloak.sh
Update the first few lines with your Keycloak URL and credentials, then run the script
./update-pass-keycloak.sh
# or
bash ./update-pass-keycloak.sh
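
A variant of the script above that reads the passwords from environment variables instead of hard-coding them, and keeps the admin token in a private temporary file (through kcadm's --config option) that is deleted afterwards rather than left in $HOME/.keycloak/kcadm.config. This is an added example, not code from the original page; KC_OLD_PASSWORD, KC_NEW_PASSWORD, KC_USER, rotate_password and the --run switch are names assumed here.

```bash
#!/usr/bin/env bash
# Added example: password rotation without secrets in the script file and
# without a leftover admin token on disk. Names below are hypothetical.
KCADM="${KCADM:-$HOME/keycloak-24.0.1/bin/kcadm.sh}"
KEYCLOAK_URL="${KEYCLOAK_URL:-http://localhost:8080}"
REALM="${REALM:-master}"
KC_USER="${KC_USER:-admin}"   # not USER, which the login shell already sets

# Runs in a subshell, so the umask change does not leak into the caller.
# Exit status: 0 = rotated and verified, 1 = a kcadm step failed, 2 = bad input.
rotate_password() (
  old="$1"; new="$2"; rc=0
  [ -n "$old" ] && [ -n "$new" ] || { echo "old and new password are required" >&2; exit 2; }
  [ "$old" != "$new" ] || { echo "new password must differ from the old one" >&2; exit 2; }

  # Token file lives in a directory only this user can read.
  umask 077
  workdir="$(mktemp -d)" || exit 1
  cfg="$workdir/kcadm.config"

  # Same three steps as the page's script: login, change, login again to verify.
  # The passwords are still passed with --password / --new-password as on the page.
  "$KCADM" config credentials --config "$cfg" --server "$KEYCLOAK_URL" \
      --realm "$REALM" --user "$KC_USER" --password "$old" &&
  "$KCADM" set-password --config "$cfg" -r "$REALM" \
      --username "$KC_USER" --new-password "$new" &&
  "$KCADM" config credentials --config "$cfg" --server "$KEYCLOAK_URL" \
      --realm "$REALM" --user "$KC_USER" --password "$new" || rc=1

  # Remove the cached token whether or not the rotation succeeded.
  rm -rf "$workdir"
  exit "$rc"
)

# Run only when asked to:
#   KC_OLD_PASSWORD=... KC_NEW_PASSWORD=... ./rotate-pass-keycloak.sh --run
if [ "${1:-}" = "--run" ]; then
  rotate_password "${KC_OLD_PASSWORD:-}" "${KC_NEW_PASSWORD:-}" && echo "Password updated"
fi
```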