Problem:
After upgrading to SImA 1.3 and logging in, the "My Account" and "Users & Groups" pages cannot be accessed from the Administration menu.
"My Account" shows the below error:
The "Users and Groups" page shows the following message:
The SImA_keycloak.log reports the following error:
2024-01-11T15:09:43+01:00 Wrong user credentials. Trying to login with SImA 1.2 password and changing it to the new one
2024-01-11T15:09:44+01:00 2024-01-11 14:09:44,353 WARN org.keycloak.events type=LOGIN_ERROR, realmId=master, clientId=admin-cli, userId=null, ipAddress=127.0.0.1, error=user_not_found, auth_method=openid-connect, grant_type=password, client_auth_method=client-secret, username=kcadmin
2024-01-11T15:09:44+01:00 Keycloak credentials don't match with the ones from either SImA 1.2 or the new ones. Exiting.
The problem arises when Keycloak attempts to verify the admin user credentials. SImA 1.3 changed how and where the Keycloak admin password is stored: it is now stored as a Docker secret in .secrets/kcadmin_password. Previously, in SImA 1.2, it was stored in the custom.env file, which is found in the SImA installation directory. See the following knowledge article for more information regarding accessing the Keycloak Admin console:
Signals Image Artist: Accessing the Keycloak Admin Console
The variables in question, as they appeared in the custom.env file in SImA 1.2, are shown below:
KEYCLOAK_USER=
KEYCLOAK_PASSWORD=
During the upgrade, KEYCLOAK_PASSWORD is used to configure Keycloak (if it differs from the default), but thereafter .secrets/kcadmin_password is used.
In SImA 1.3 the "kcadmin" user is hard-coded, so the "kcadmin" user must exist and the password set for that user needs to match what's listed in the .secrets/kcadmin_password file.
Solution:
1 - If the KEYCLOAK_USER= variable in SImA 1.2 was set to something other than "kcadmin":
To resolve the issue, it should be sufficient to log in to the Keycloak admin console using the credentials previously set in the custom.env file, switch to the "master realm" and then click on the 'users' view (see screenshot). If the kcadmin user does NOT exist, it needs to be created with the same role mappings as the existing Keycloak admin user listed there, which must include the "admin" and "default-roles-master" roles as shown in the 2nd screenshot below.
Once that's done, delete the original Keycloak master realm admin user account, leaving just the "kcadmin" admin user, and redeploy the SImA stack.
(Note: do not delete the admin user listed under the SImA realm; that must remain.)
2 - If the kcadmin user does already exist, check to make sure that the password set for the kcadmin user matches what is listed in the .secrets/kcadmin_password file. If it does not match, update the .secrets/kcadmin_password file and redeploy the SImA stack.
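One way to tell from SImA_keycloak.log which of the two cases applies, as an added example that is not part of the original article or of SImA. The function names are hypothetical, the sample lines are constructed, and it assumes a wrong kcadmin password is logged with Keycloak's `invalid_user_credentials` event error, which the log excerpt above does not show.

```shell
#!/bin/sh
# Added triage helper, not part of SImA. It reads Keycloak event lines only and
# never opens or prints .secrets/kcadmin_password.

# Print the error= value of the most recent master-realm LOGIN_ERROR event for
# the hard-coded "kcadmin" user. Reads the file named in $1, or stdin.
last_kcadmin_error() {
    awk '
    # Value of key k in a "k=v, k=v" Keycloak event line, or "" if absent.
    function field(k,   m) {
        if (!match($0, "(^|[ ,])" k "=[^, ]*")) return ""
        m = substr($0, RSTART, RLENGTH)
        sub(/^[^=]*=/, "", m)
        return m
    }
    field("type") == "LOGIN_ERROR" && field("realmId") == "master" &&
    field("username") == "kcadmin" { last = field("error") }
    END { if (last != "") print last }
    ' "$@"
}

# Map that error to the case of the Solution section that applies.
diagnose_kcadmin() {
    case "$(last_kcadmin_error "$@")" in
        user_not_found)
            echo "solution-1: kcadmin is missing from the master realm" ;;
        invalid_user_credentials)  # assumed event error for a wrong password
            echo "solution-2: kcadmin password differs from the secret file" ;;
        "") echo "no kcadmin LOGIN_ERROR found" ;;
        *)  echo "unrecognised error, inspect the log" ;;
    esac
}

# Constructed sample lines in the log format shown above (not real output).
sample_log() {
    cat <<'EOF'
2024-01-11T15:09:41+01:00 2024-01-11 14:09:41,120 WARN org.keycloak.events type=LOGIN_ERROR, realmId=master, clientId=admin-cli, userId=null, ipAddress=127.0.0.1, error=invalid_user_credentials, auth_method=openid-connect, grant_type=password, client_auth_method=client-secret, username=admin
2024-01-11T15:09:44+01:00 2024-01-11 14:09:44,353 WARN org.keycloak.events type=LOGIN_ERROR, realmId=master, clientId=admin-cli, userId=null, ipAddress=127.0.0.1, error=user_not_found, auth_method=openid-connect, grant_type=password, client_auth_method=client-secret, username=kcadmin
EOF
}

# Usage: sh triage.sh /path/to/SImA_keycloak.log
if [ "$#" -gt 0 ]; then diagnose_kcadmin "$1"; fi
```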