This repository has been archived by the owner on Apr 17, 2023. It is now read-only.

Create admin user for CEDAR realm

Attila Levente EGYEDI edited this page Apr 5, 2017 · 20 revisions

Introduction

CEDAR stores provenance information for all resources that it manages. Some resources should already be present in an "empty" system. These include:

  • The / (root) folder of the system
  • The /Users folder of the system

We want these resources to have provenance information, but we don't want to tie them to real users. The realm-level admin user will own these "bootstrap" resources.

Create admin user for CEDAR realm

We created a global Keycloak admin user in one of the previous steps.

We will also need a CEDAR realm admin user for administrative purposes. To create it, follow the steps below:

Start Keycloak if it is not running:

startkk
  • Access it through your browser: http://auth.metadatacenter.orgx or http://auth.metadatacenter.net
  • Log in to the Administration Console with the admin/administrator user
  • Select CEDAR realm from the left menu
  • Click on "Users" in the left menu
  • Click "View all users"
  • Click "Add user"
  • Create a user with cedar-admin as the username. Fill out the other fields as follows:
    • Email: a real email address that you have access to
    • First Name: CEDAR
    • Last Name: Admin
  • Save the user
  • Set up a password for the newly created cedar-admin user
    • Go to the "Credentials" tab
    • Enter the password twice
    • Set "Temporary" to "Off"
  • Save the information

Set up roles for CEDAR admin user

We will need to add the view-users, view-profile and manage-account roles to the cedar-admin user so that it can access user profiles.

  • Select CEDAR realm from the left menu
  • Click on "Users" in the left menu
  • Click "View all users"
  • Select the "cedar-admin" user
  • Click on "Role-Mappings" tab
  • From the "Client Roles" dropdown pick realm-management
  • Add view-users role to the user
  • From the "Client Roles" dropdown pick account
  • Add view-profile and manage-account roles to the user

Update .bash_profile with domain admin user UUID

Take the value of the ID field of the cedar-admin user. This is the "Keycloak Cedar realm admin user internal ID" that you will need to put into your .bash_profile file:

vi ~/.bash_profile

Replace the value between the quotes on this line

export CEDAR_ADMIN_USER_UUID="<CEDAR_ADMIN_USER_UUID>"

with the ID of the admin user. The line should look something like this:

export CEDAR_ADMIN_USER_UUID="ab2a9696-291f-4705-b5e6-6c262266c506"

Update .bash_profile with domain admin user password

Also enter the cedar-admin user password into the .bash_profile file. Replace

export CEDAR_ADMIN_USER_PASSWORD="<CEDAR_ADMIN_USER_PASSWORD>"

with the real password in plain text:

export CEDAR_ADMIN_USER_PASSWORD="RealPasswordHere"
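
An added check for the two exports above (not part of the original wiki or the CEDAR project): it confirms that the UUID is well formed, that the password placeholder was replaced, and, because the password is stored in plain text, that the file is not accessible to group or others. The function name and return codes are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: sanity-check the two CEDAR admin exports in a profile file.
# Return codes (convention assumed for this example):
#   0 ok, 1 file missing, 2 bad UUID, 3 password empty or still a placeholder,
#   4 file accessible to group or others
check_cedar_profile() {
  local file="${1:-$HOME/.bash_profile}" uuid pass perms
  [ -f "$file" ] || return 1

  # Take the last assignment of each variable, as the shell would when sourcing.
  uuid=$(sed -n 's/^export CEDAR_ADMIN_USER_UUID="\(.*\)"$/\1/p' "$file" | tail -n 1)
  pass=$(sed -n 's/^export CEDAR_ADMIN_USER_PASSWORD="\(.*\)"$/\1/p' "$file" | tail -n 1)

  # Keycloak user IDs are UUIDs: 8-4-4-4-12 hex digits.
  if ! printf '%s\n' "$uuid" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'; then
    return 2
  fi

  # Reject an empty value or the unreplaced <...> placeholder.
  # The password itself is never printed.
  case "$pass" in
    ''|'<'*'>') return 3 ;;
  esac

  # The file holds a plaintext password: group/other permission bits must be empty.
  perms=$(ls -ld "$file" | cut -c5-10)
  [ "$perms" = "------" ] || return 4
  return 0
}
```

If the check returns 4, `chmod 600 ~/.bash_profile` restricts the file to its owner.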