Keycloak 17 impossible to create initial admin user

Hello. I’m trying to run keycloak on a virtual machine on Google Cloud on Ubunto 18 LTS.
Since this is a server, I don’t have access to local host to create the ADMIN user normally.

The export environment method displayed on Server Administration Guide does not works.

My installation was the following:
cd /opt
sudo wget
sudo tar -xvzf keycloak-17.0.0.tar.gz
sudo mv keycloak-17.0.0 /opt/keycloak
export KEYCLOAK_ADMIN=admin
sudo ./ start-dev

But as seen in the image he is still complaining about not having an admin user.

Notice that the image still tells us to use the old script, which isn’t present in this version.

I managed to enable HTTPS, so that I could access the login page, but when I use the user and password to login, the console prints information that the user does not exist.

2022-03-21 17:04:39,775 WARN [] (executor-thread-16) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=x, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=, code_id=b295026f-aeac-4853-9833-2463e54bfb11, username=admin, authSessionParentId=b295026f-aeac-4853-9833-2463e54bfb11, authSessionTabId=OWa4xW0BVuQ

Is there any way to create the user in another way?
I recall the older versions had a script that no longer exists.


I had similar issue. But setting the environment variables (KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD) did help.

But in my case I was having the distribution under user directories since it was for testing (specifically /home/centos/) and had set these environment variables under /home/centos/.bashrc.

Not an expert on linux, here the export statements are being executed under a user account but the keycloak is being started with sudo so I’m guessing it’s scoping issue that the process isn’t able to discover the exported variables.

1 Like

You are using the wrong guide (the one for the legacy wildfly based distribution).

Try the guide here: Keycloak - Guides

All env vars now use a KC_ prefix instead of KEYCLOAK_

The other thing is, that using sudo may loose environment variables.
While running in dev mode with start-dev you don’t need sudo.

Thanks @hegdekar & @bpedersen2 . It was the environment variables not being available to sudo user.

export KEYCLOAK_ADMIN=myadmin
export KEYCLOAK_ADMIN_PASSWORD=some_password
solved the problem, by passing the variables.


Had the same problem
For me a ssh tunel help

ssh -f myUser@theHostToConnect -L 2500:localhost:8080 -N

then in a web browser => localhost:2500 did the job :wink:

1 Like

Not sure on this @bpedersen2 I still see the same KEYCLOAK_ prefix instead of KC_ you are referring to.
I’m checking Configuring Keycloak - Keycloak and below is what I can see. Added screenshot for the clarity.