Unable to login to admin console with admin user in externalDatabase deployment

Configuring the server
,
1

I am installing keycloak through a third party open source application called camunda. The installation is done through helm on k8s. Internally camunda uses bitnami keycloak helm chart for installation

With the below helm values file configuration (local) I am enabling keycloak, configuring an external postgres server and setting the admin user/password to admin/admin.
When we navigate to the keycloak page (http://localhost:18080) we see the keycloak welcome page. Accessing the “Administration Console” page navigates to the login screen. Logging in with admin/admin fails though with “Invalid username or password” error (screenshot attached).

The keycloak k8s pod does print the below logs indicating the login error.

Any inputs on what could be going wrong would be helpful? Thanks

Keycloak Logs

14:00:59,330 WARN  [org.keycloak.events] (default task-2) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=127.0.0.1, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=http://localhost:18080/auth/admin/master/console/, code_id=e66f96be-3ebf-4da3-a354-2840e379a1ff, authSessionParentId=e66f96be-3ebf-4da3-a354-2840e379a1ff, authSessionTabId=GMIbo2jB2WE
14:00:59,835 WARN  [org.keycloak.events] (default task-2) type=LOGIN_ERROR, realmId=master, clientId=admin-cli, userId=46da1e66-7f55-494f-93a1-d6a2861b4e73, ipAddress=10.42.0.58, error=invalid_user_credentials, auth_method=openid-connect, grant_type=password, client_auth_method=client-secret, username=admin, authSessionParentId=c3d1efbb-5ba2-4195-9926-c02ecc37b15d, authSessionTabId=poB-1DXKPcs

Helm file

  keycloak:
    enabled: true
    postgresql:
      enabled: false
    externalDatabase:
      host: 192.168.1.7
      port: 5432
      user: admin
      database: postgres
      password: admin
    auth:
      adminUser: admin
      adminPassword: admin

image
image1279×525 78 KB

2

We observed that this issue appears only if we configure an externalDatabase to keycloak. We could login with admin/admin if the database is internally created by keycloak helm installation.

Also without the externalDatabase configuration we observed that the keycloak instance does not restart if the helm chart is uninstalled and installed again. It fails to connect with the database container. The error logged is shared below

  1. Any idea what could be reason and how could we configure admin user when we have an external postgres database for keycloak?
  2. Why does the keycloak instance fail to connect to postgres on restart? What configuration is missing?

Thanks.
Keycloak restart failure log

Caused by: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "bn_keycloak"
	at org.postgresql.jdbc@42.2.14//org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:525)
	at org.postgresql.jdbc@42.2.14//org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:146)
	at org.postgresql.jdbc@42.2.14//org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:197)
	at org.postgresql.jdbc@42.2.14//org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
	at org.postgresql.jdbc@42.2.14//org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:217)
	at org.postgresql.jdbc@42.2.14//org.postgresql.Driver.makeConnection(Driver.java:458)
	at org.postgresql.jdbc@42.2.14//org.postgresql.Driver.connect(Driver.java:260)
3

I was facing similar issue while install bitnami/keycloak helm chart. I first installed the chart using the default values which created the username: user and password:<random_value>. Then I had to remove all the tables from the postgres and then do the helm chart install with modified auth adminUser and adminPassword values.
I see your yaml the externalDatabase is inside keycloak.

keycloak:
    enabled: true
    postgresql:
      enabled: false
    externalDatabase:
      host: 192.168.1.7
      port: 5432
      user: admin
      database: postgres
      password: admin
    auth:
      adminUser: admin
      adminPassword: admin

But in camunda-platform values.yaml it outside the keycloak. Try to check it.

And from the error

Caused by: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "bn_keycloak"

It seems that your provided postgres credential values are not been taken and its defaulting to the bitnami/postgres chart’s default value.