This procedure can be used to access the interface to manage Keycloak users. Users can be added with this interface. See Create Internal User Accounts in the Keycloak Shasta Realm.
This procedure uses SYSTEM_DOMAIN_NAME
as an example for the DNS name of the non-compute node (NCN). Replace this name with the actual NCN’s DNS name while executing this procedure.
This procedure assumes that the password for the Keycloak admin
account is known. The Keycloak password is set during the software installation process.
(ncn-mw#
) The password can be obtained with the following command:
```bash
kubectl get secret -n services keycloak-master-admin-auth --template={{.data.password}} | base64 --decode
```
Point a browser at https://auth.cmn.SYSTEM_DOMAIN_NAME/keycloak/
, replacing SYSTEM_DOMAIN_NAME
with the actual NCN’s DNS name. Use of the auth.cmn.
sub-domain is required for administrative access to Keycloak.
The following is an example URL for a system: https://auth.cmn.system1.us.cray.com/keycloak/
The value of SYSTEM_DOMAIN_NAME
for a given cluster is obtained as shown in the following example:
```bash
# echo $SYSTEM_DOMAIN
system1.us.cray.com
```
The browser may return an error message similar to the following when auth.cmn.SYSTEM_DOMAIN_NAME/keycloak
is launched for the first time:
```text
This Connection Is Not Private
This website may be impersonating "hostname" to steal your personal or financial information.
You should go back to the previous page.
```
See Make HTTPS Requests from Sources Outside the Management Kubernetes Cluster for more information on getting the Certificate Authority (CA) certificate on the system.
Click the Administration Console
link.
Log in as the admin
user for the Master
realm.
Ensure that the selected Realm
is Shasta
.
Click the Users
link under the Manage
menu on the left side of the screen.
New users can be added with this interface. See Create Internal User Accounts in the Keycloak Shasta Realm.