1
0
Fork 0
forked from pub-solar/infra
pub-solar-infra-new/docs/keycloak/keycloak-reset-user-password.md

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

37 lines
1.5 KiB
Markdown
Raw Normal View History

2023-11-16 21:04:29 +00:00
# Process for resetting keycloak user passwords
### Keycloak
2024-05-08 20:57:07 +00:00
2023-11-16 21:04:29 +00:00
Required:
2024-05-08 20:57:07 +00:00
- auth.pub.solar admin-cli service user credentials
2024-06-10 18:26:20 +00:00
- [SSH access to host `nachtigall`](../administrative-access.md#ssh-access)
2024-05-08 20:57:07 +00:00
2024-06-10 18:26:20 +00:00
Run the following after SSH'ing to `nachtigall`:
2023-11-16 21:04:29 +00:00
2024-06-10 18:26:20 +00:00
```
2023-11-16 21:04:29 +00:00
mkdir /tmp/keycloak-credential-reset
sudo --user keycloak kcadm.sh config credentials --config /tmp/kcadm.config --server http://localhost:8080 --realm pub.solar --client admin-cli
2023-11-16 21:04:29 +00:00
sudo --user keycloak kcadm.sh get --config /tmp/kcadm.config users --realm pub.solar | jq --raw-output '.[] | .id' > /tmp/keycloak-credential-reset/all-uuids
for UUID in $(cat /tmp/keycloak-credential-reset/all-uuids); do
sudo --user keycloak kcadm.sh get --config /tmp/kcadm.config users/$UUID/credentials --realm pub.solar > /tmp/keycloak-credential-reset/$UUID
done
mkdir /tmp/keycloak-credential-reset/accounts-with-creds
find /tmp/keycloak-credential-reset -type f -size +3c -exec mv '{}' /tmp/keycloak-credential-reset/accounts-with-creds/ \;
rm -r /tmp/keycloak-credential-reset/accounts-with-creds/
find /tmp/keycloak-credential-reset/ -type f -exec basename '{}' \; > /tmp/keycloak-credential-reset/accounts-without-credentials
vim /tmp/keycloak-credential-reset/accounts-without-credentials
for UUID in $(cat /tmp/keycloak-credential-reset/accounts-without-credentials); do
sudo --user keycloak kcadm.sh update --config /tmp/kcadm.config users/$UUID/reset-password --target-realm pub.solar --set type=password --set value=$(< /dev/urandom tr -dc A-Z-a-z-0-9 | head -c${1:-32};echo;) --set temporary=true --no-merge
done
```