Create admin user for CEDAR realm

Introduction

CEDAR stores provenance information for all resources that it manages. There are some resources, that should be already present in an "empty" system. These include:

The / (root) folder of the system
The /Users folder of the system

We want theses resources to have provenance information, but we don't want to tie them to real users. The realm-level admin user will own these "bootstrap" resources.

Create admin user for CEDAR realm

We created a global Keycloak admin user at one of the previous steps.

We will need a CEDAR realm admin user for administrative purposes. In order to create this, follow the below steps:

Start Keycloak if it is not running:

startkk

Access it through your browser: http://auth.metadatacenter.orgx or http://auth.metadatacenter.net
Log in to the Administration Console with the admin/administrator user
Select CEDAR realm from the left menu
Click on "Users" in the left menu
Click "View all users"
Click "Add user"
Create a user with the cedar-admin as username. Fill out the other fields as follows:
- Email: a real email address that you have access to
- First Name: CEDAR
- Last Name: Admin
Save the user
Set up a password for the newly created cedar-admin user
- Go to the "Credentials" tab
- Enter the password twice
- Set the temporary to "Off"
Save the information

Set up roles for CEDAR admin user

We will need to add the view-users, view-profile and manage-account role to the cedar-admin user to allow the access of profiles.

Select CEDAR realm from the left menu
Click on "Users" in the left menu
Click "View all users"
Select the "cedar-admin" user
Click on "Role-Mappings" tab
From the "Client Roles" dropdown pick realm-management
Add view-users role to the user
From the "Client Roles" dropdown pick account
Add view-profile and manage-account roles to the user

Update .bash_profile with domain admin user UUID

Take the value of ID field. This will be the "Keycloak Cedar realm admin user internal ID" that you will need to put into your .bash_profile file:

vi ~/.bash_profile

Replace the value between the quotes on this line

export CEDAR_ADMIN_USER_UUID="<CEDAR_ADMIN_USER_UUID>"

with the ID of the admin user. The line should look something like this:

export CEDAR_ADMIN_USER_UUID="ab2a9696-291f-4705-b5e6-6c262266c506"

Update .bash_profile with domain admin user password

Also enter the cedar-admin user passsword into the .bash_profile file. Replace

export CEDAR_ADMIN_USER_PASSWORD="<CEDAR_ADMIN_USER_PASSWORD>"

with the real password in plain text:

export CEDAR_ADMIN_USER_PASSWORD="RealPasswordHere"

Uh oh!

Create admin user for CEDAR realm

Introduction

Create admin user for CEDAR realm

Set up roles for CEDAR admin user

Update .bash_profile with domain admin user UUID

Update .bash_profile with domain admin user password

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!