I installed Keycloak 26.0.0 on Ubuntu and was able to create a temporary admin account. When I log in, a banner says:
You are logged in as a temporary admin user. To harden security, create a permanent admin account and delete the temporary one.
How do I create a permanent admin account? Do I follow the "Managing users" documentation? Do I create the permanent admin account in the master realm? How do I give this admin correct permissions/role?
I read the Managing users documentation. I added a user named admin in the master realm and set a password. I do not see how to give it an admin role or admin permissions. I tried the Assign Role button but the admin role is not listed.
I have seen other questions here about giving admin role for new realms, but not anything that describes giving admin role in the master realm. Nor have I found any questions or documentation that gives details about a "permanent admin account".
I was able to add the admin role using the kcadm.sh command.
I am running Keycloak on a bare metal system. I imagine the following commands can be adapted for use in other setups.
First I used the normal admin console to add a user 'admin' to the master realm. (As I mention in the question, I was unable to add the admin role to that user from that console.)
Next, log in to the system that is hosting the Keycloak server and cd to your Keycloak directory.
The kcadm.sh command needs you to first sign in using your temporary admin credentials. I used the name temp-admin for the initial admin account and the name admin for the permanent account. This will prompt you for the temp-admin password.
Finally, add the admin role to the admin user.
You can verify that the roles for temp-admin and admin are the same with:
I was able to log in to the admin console as the new admin user and verify it has the admin role now. For example, the "Create realm" button only appears with the admin role and its inherited roles.
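
The steps described in the answer above, written as an added example (not the original poster's commands) using the `config credentials`, `add-roles` and `get-roles` subcommands of `kcadm.sh`. The server URL, the variable names and the `kc_*` function names are assumptions; the account names follow the answer. `kc_has_admin` is the check to run before deleting the temporary account.

```shell
#!/bin/sh
# Added example; account names temp-admin/admin follow the answer above.
KCADM="${KCADM:-bin/kcadm.sh}"             # relative to the Keycloak directory
SERVER="${SERVER:-http://localhost:8080}"  # assumption: local HTTP listener

# Sign in to the master realm; kcadm.sh prompts for the password.
kc_login() {
    "$KCADM" config credentials --server "$SERVER" --realm master --user "$1"
}

# Grant the master realm's "admin" realm role to user $1.
kc_grant_admin() {
    "$KCADM" add-roles -r master --uusername "$1" --rolename admin
}

# Print the realm role names held by user $1, sorted, one per line.
# Splitting on "," and "{" first lets the sed pattern handle both
# pretty-printed and compact JSON from get-roles.
kc_role_names() {
    "$KCADM" get-roles -r master --uusername "$1" |
        tr ',{' '\n\n' |
        sed -n 's/.*"name"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' |
        sort
}

# Succeed only if user $1 holds the "admin" realm role. Fails closed:
# empty or error output from kcadm.sh means "no".
kc_has_admin() {
    kc_role_names "$1" | grep -qx admin
}

# Usage, from the Keycloak directory, after creating user "admin" in master:
#   kc_login temp-admin && kc_grant_admin admin && kc_has_admin admin
#   kc_role_names temp-admin; kc_role_names admin   # compare by eye
```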