We Keep Coding

Unable to login to keycloak using master realm credentials

I am using keycloak operator to install keycloak and i have configured keycloak to use external database (RDS instance). ==> (externalDatabase: true)
The keycloak instances are up and running without any issues.
When i tried to login to the keycloak UI with master realm credentials it is telling that the credentials are invalid, though the credentials are correct.
I am getting the credentials using the following command.
kubectl get secret credential-test -o go-template='{{range $k,$v := .data}}{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{"\n"}}{{end}}'
The following is the log from the instance.
07:40:48,172 WARN [org.keycloak.events] (default task-1) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=566f4e3e-c0f1-4304-bca2-686321d88b87, ipAddress=10.242.3.61, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=https://test123.net/auth/admin/master/console/, code_id=5561bc9e-e2b9-41e3-836d-37add6e74c1c, username=admin, authSessionParentId=5561bc9e-e2b9-41e3-836d-37add6e74c1c, authSessionTabId=Oq-orhggRE4
Any advice or suggestion is highly appreciated.

I had this, or a similar issue as well when setting up the operator.
It appears that the external database that supposedly stores the admin username and password isn't updated when a new secret is generated if, say, the CRD for the Keycloak instance is deleted along with the secret. The steps I went through to fix it was to:
Delete the CRD.
Delete the database.
Recreate the database.
Recreate the CRD.
That way, the database should have no reason to accept the new credentials.
There is probably a better solution. But I could not find it in the docs so far.

Domain glassfish requires authentication with the realm 'dolmen'

In my work I give support to users, and the following problem has been sent to me.
Logs Jenkins: (Automated tests that run in the night)
[HttpAuthenticationRequestFilter$UPDCredentialsProvider] Domain
request authentication with the realm 'dolmen'
Logs Server:
23/01/2018 01:28:25.637 [http-thread-pool-8080(15)] WARN java.util.logging.Logger.doLog WEB9102: Web Login Failed:
com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Security Exception
23/01/2018 01:28:25.646 [http-thread-pool-8080(29)] ERROR java.util.logging.Logger.doLog jdbcrealm.invaliduserreason
Via asadmin I've checked that the realm dolmen exists
asadmin> list-auth-realms
Authentication failed with password from login store: /root/.asadminpass
Enter admin password for user "admin">
admin-realm
file
certificate
dolmen
pnf-realm
Command list-auth-realms executed successfully.
asadmin>
What could be the problem?

UPDATE 1)
I was able to reproduce the error in SOAPUI. During the call to the web service, I noticed that if I change a letter in the login user or password, I can see the error message : " request authentication with the realm 'dolmen'"
Log SOAPUI:
But as you can see, in the image "Log SOAPUI:" I also have a HTTP 401.
In SoapUI Preferences, I notice that the option "Authenticate Preemptively" was disable. After enable the option "Authenticate Preemptively" I was able to finish a test in my local machine without error.
In the machine where Jenkins is installed (Where the Automated tests run in the night), I notice that the file soapui-preferences.xml does not exist. So maybe the solution for the problem is here.
I'm waiting for a time frame to be able to test without impacting testers.
I will keep you posted.
UPDATE 2)
To get rid of this problem I've rebuild my glassfish domain.

SonarLint in IntelliJ works with username and password but not with token

I configure the Server in IntelliJ like this:
Name: xsonar
Server URL: https://sonar.xyz.com/
Organization:
Auth Type: Token
Token: my-on-sonar-created-token
Not using proxy
It says for the test connection:
Error testing connection: Not authorized. Please check server credentials.
However, if I use identical configuration but with my sonar login and password it works perfectly.
The documentation doesn't say anything about this: http://www.sonarlint.org/intellij/
And I didn't find similar issues.
The version of my SonarQube is 6.2.
How dangerous is it to use password and username instead of token?

We had a reversed proxy sitting in between which wouldn't let the request through using our normal proxy. So far I haven't found a good solution to work around the reversed proxy.

SBT proxy repository authentication

I'm trying to use an Artifactory server as proxy for the resolution of java/scala artifacts.
I'm referring to this documentation, where the suggestion is to put the following lines in ~/.sbt/repositories:
[repositories]
local
my-ivy-proxy-releases: http://repo.company.com/ivy-releases/, [organization]/[module]/(scala_[scalaVersion]/)(sbt_[sbtVersion]/)[revision]/[type]s/[artifact](-[classifier]).[ext]
my-maven-proxy-releases: http://repo.company.com/maven-releases/
Unfortunaely there's no mention on where I should put my authentication credentials, and
Any clue?

In the buid.sbt put the following:
credentials += Credentials("Artifactory Realm", "artifacts.schibsted.io", "username", "password")
The Artifactory Realm string is required as it is.

Artifactory allow anonymous access for docker pull

I have set anonymous access enabled for the read operations in the docker. But when I try to pull an image from the repository it asks for an authentication password.
What is the correct way to set anonymous read access to the docker repository ? I have followed this documentation
https://www.jfrog.com/confluence/display/RTF/Managing+Permissions
Following is the error
Error response from daemon: Get https://my-repo/v2/nginx/manifests/latest: unknown: Unauthorized