Problem:
After upgrading to ImA 1.3 and logging in, it is not possible to access the "My Account" and "Users & Groups" pages from the Administration menu.
"My Account" shows the below error:
The "Users and Groups" page shows the following message:
The ImA_keycloak.log reports the following error:
2024-01-11T15:09:43+01:00 Wrong user credentials. Trying to login with ImA 1.2 password and changing it to the new one
2024-01-11T15:09:44+01:00 2024-01-11 14:09:44,353 WARN org.keycloak.events type=LOGIN_ERROR, realmId=master, clientId=admin-cli, userId=null, ipAddress=127.0.0.1, error=user_not_found, auth_method=openid-connect, grant_type=password, client_auth_method=client-secret, username=kcadmin
2024-01-11T15:09:44+01:00 Keycloak credentials don't match with the ones from either ImA 1.2 or the new ones. Exiting.
The problem arises when Keycloak attempts to verify the admin user credentials. ImA 1.3 changes how and where the Keycloak admin password is stored: it is now stored as a Docker secret in .secrets/kcadmin_password. Previously, in ImA 1.2, it was stored in the custom.env file, which is found in the ImA installation directory. See the following knowledge article for more information about accessing the Keycloak Admin console:
Image Artist: Accessing the Keycloak Admin Console
The variable in question as it appeared in the custom.env file in ImA 1.2 is shown below:
KEYCLOAK_USER=
KEYCLOAK_PASSWORD=
During the upgrade, KEYCLOAK_PASSWORD is used to configure Keycloak (if it differs from the default), but thereafter .secrets/kcadmin_password is used.
In ImA 1.3 the "kcadmin" user is hard-coded, so the "kcadmin" user must exist and the password set for that user must match what is listed in the .secrets/kcadmin_password file.
Solution:
1 - If the KEYCLOAK_USER= variable in ImA 1.2 was set to something other than "kcadmin".
To resolve the issue, it should be sufficient to log in to the Keycloak admin console using the credentials previously set in the custom.env file, switch to the "master" realm and then click on the "Users" view (see screenshot). If the kcadmin user does NOT exist, it needs to be created with the same role mappings as the existing Keycloak admin user listed there, which must include the "admin" and "default-roles-master" roles as shown in the second screenshot below.
Once that's done, delete the original Keycloak master realm admin user account, leaving just the "kcadmin" admin user, and redeploy the ImA stack.
(Note: do not delete the admin user listed under the ImA realm; that must remain.)
2 - If the kcadmin user does already exist, check to make sure that the password set for the kcadmin user matches what is listed in the .secrets/kcadmin_password file. If it does not match, update the .secrets/kcadmin_password file and redeploy the ImA stack.
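The two cases above can be told apart from ImA_keycloak.log before opening the admin console. The following Python script is an added example, not part of the original article or of ImA; it assumes a password mismatch is logged with Keycloak's `invalid_user_credentials` event error, and the second sample line is constructed for illustration.

```python
import re

# First line: the event quoted in this article. Second line: constructed sample
# showing an existing kcadmin user whose password does not match.
SAMPLE_LOG = """\
2024-01-11T15:09:44+01:00 2024-01-11 14:09:44,353 WARN org.keycloak.events type=LOGIN_ERROR, realmId=master, clientId=admin-cli, userId=null, ipAddress=127.0.0.1, error=user_not_found, auth_method=openid-connect, grant_type=password, client_auth_method=client-secret, username=kcadmin
2024-01-12T09:00:01+01:00 2024-01-12 08:00:01,120 WARN org.keycloak.events type=LOGIN_ERROR, realmId=master, clientId=admin-cli, userId=example-id, ipAddress=127.0.0.1, error=invalid_user_credentials, auth_method=openid-connect, grant_type=password, username=kcadmin
"""

KEY_VALUE = re.compile(r"(\w+)=([^,\s]*)")
MARKER = "org.keycloak.events"

# Event error -> (solution number in this article, short explanation)
BRANCHES = {
    "user_not_found": (1, "kcadmin missing in master realm: create it with admin roles"),
    "invalid_user_credentials": (2, "kcadmin exists: align .secrets/kcadmin_password"),
}


def parse_event(line):
    """Return the key=value fields of a Keycloak event line, or None."""
    if MARKER not in line:
        return None
    return dict(KEY_VALUE.findall(line.split(MARKER, 1)[1]))


def triage(log_text, admin_user="kcadmin"):
    """Map failed master-realm logins of the admin user to a solution branch."""
    findings = []
    for line in log_text.splitlines():
        event = parse_event(line)
        if not event or event.get("type") != "LOGIN_ERROR":
            continue
        if event.get("realmId") != "master" or event.get("username") != admin_user:
            continue
        error = event.get("error", "")
        solution, hint = BRANCHES.get(error, (None, "not covered by this article"))
        findings.append((solution, error, hint))
    return findings


if __name__ == "__main__":
    for solution, error, hint in triage(SAMPLE_LOG):
        print(f"error={error} -> solution {solution}: {hint}")
```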