Default user administration

You installed IBM® Rational® Test Automation Server and want to know how the software manages user access.

Rational® Test Automation Server uses Keycloak V9.0.2 (https://www.keycloak.org/) to manage and authenticate users.

If you manage and authenticate users by using an LDAP and Active Directory server, you can configure Keycloak to connect to that server. For more information, see LDAP user administration.

Keycloak uses the concept of a realm to manage and authenticate users. When you install the server software, a realm called testserver is created for you in Keycloak. All server users belong to this realm, and when they log in to the server, they log in to that realm.

As an administrator, it is important to consider the following points about the server administration:

  • By default, there is no administrator for Rational® Test Automation Server.

    An administrator is required to access additional functions, which include claiming ownership of server projects and unarchiving them. You can assign administrative privileges to any user by adding the admin role to that user in Keycloak.

  • You must sign up a user that you want to be the administrator. You must go to the Login page at https://<fully-qualified-dns-name>:443 and sign up.
    Note: Do not use that admin user to perform non-administration tasks. Instead, sign up another user.
  • After you sign up the user that you want to be the administrator for Rational® Test Automation Server, you must log in to the Keycloak Admin Console at https://<fully-qualified-dns-name>:443/auth/admin/ to make that user the server administrator.
    The default user name for the Keycloak administrator is keycloak. The password is randomly generated when the software is installed. You can see the password by using the following kubectl command:
    kubectl get secret -n test-system rockstar-keycloak-postgresql -o jsonpath="{.data.password}" | base64 --decode; echo

    After you log in to the Keycloak Admin Console, from the Users page, you can search and select the user that you want to make an administrator. From the Groups tab, you can join the user to the Admins group.

    For more information about assigning user roles, see Groups in the Keycloak documentation.

Now that you are the server administrator, it is important to consider the following points about the default user management and authentication:

  • Minimum password length defaults to 8 characters
  • Email verification of new users is turned off
  • The Forgot Password feature is turned on by default but no instructions are sent to the user to reset their password
  • If you do not enable Keycloak to send password reset instructions, you must change forgotten user passwords yourself

The following sections describe how to change the default authentication controls.

Email settings

By default, the testserver realm sets the Forgot Password switch on. However, as an administrator, you must enable Keycloak to send an email to the user with instructions to reset their password. If you want to verify users' email addresses, you must also enable Keycloak to send the user a verification email.

You must provide SMTP server settings for Keycloak to send an email. After you log in to the Keycloak Admin Console, see Email Settings in the Keycloak documentation.

Then, to set up the email verification, see Forgot Password in the Keycloak documentation.
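The same two administration steps described above (joining the signed-up user to the Admins group, and enabling Forgot Password emails plus email verification with an SMTP server) can be scripted against the Keycloak Admin REST API instead of being clicked through in the Admin Console. The following is an added example written for this page; it is not IBM code and not part of the product. It assumes the standard Keycloak 9 endpoint paths under /auth, the keycloak administrator account in the master realm, the testserver realm and the Admins group named on the page, and a placeholder host name. decode_secret_password mirrors the kubectl | base64 --decode step applied to the JSON form of the secret; only the Python standard library is used.

```python
# Added example (not IBM product code): Keycloak 9 Admin REST API helper for
# the testserver realm, standard library only. Host name is a placeholder.
import base64
import json
import urllib.parse
import urllib.request

BASE_URL = "https://<fully-qualified-dns-name>:443"   # placeholder, as on the page
REALM = "testserver"                                   # realm created at install
ADMIN_GROUP = "Admins"                                 # group that grants server admin


def decode_secret_password(secret_json: str) -> str:
    """Same as the page's kubectl ... | base64 --decode step, but applied to the
    output of 'kubectl get secret ... -o json' (Secret data is base64-encoded)."""
    encoded = json.loads(secret_json)["data"]["password"]
    return base64.b64decode(encoded).decode()


def pick_exact(users, username):
    """GET /users?username=... is a substring search in Keycloak 9, so the
    caller must narrow the result to the one exact (case-insensitive) match."""
    matches = [u for u in users if u.get("username", "").lower() == username.lower()]
    if len(matches) != 1:
        raise LookupError(f"expected exactly one user named {username!r}, got {len(matches)}")
    return matches[0]


def pick_group(groups, name):
    """Select the top-level group whose name matches exactly."""
    for group in groups:
        if group.get("name") == name:
            return group
    raise LookupError(f"group {name!r} not found")


class KeycloakAdmin:
    def __init__(self, base_url, admin_user, admin_password, opener=urllib.request.urlopen):
        self.base = base_url.rstrip("/")
        self.token = None
        self._admin = (admin_user, admin_password)
        self._open = opener   # injectable so the flow can be exercised offline

    def _call(self, method, path, body=None, form=None):
        """Send one request; JSON bodies for admin calls, form body for the token call."""
        data, headers = None, {}
        if form is not None:
            data = urllib.parse.urlencode(form).encode()
            headers["Content-Type"] = "application/x-www-form-urlencoded"
        elif body is not None:
            data = json.dumps(body).encode()
            headers["Content-Type"] = "application/json"
        if self.token:
            headers["Authorization"] = f"Bearer {self.token}"
        req = urllib.request.Request(self.base + path, data=data, headers=headers, method=method)
        with self._open(req) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else None   # 204 replies carry no body

    def login(self):
        """Password grant for the admin-cli client of the master realm (the
        realm the Keycloak administrator user belongs to)."""
        user, password = self._admin
        tok = self._call("POST", "/auth/realms/master/protocol/openid-connect/token",
                         form={"client_id": "admin-cli", "grant_type": "password",
                               "username": user, "password": password})
        self.token = tok["access_token"]

    def make_server_admin(self, username):
        """Join the signed-up user to the Admins group; returns (user id, group id)."""
        query = urllib.parse.urlencode({"username": username})
        user = pick_exact(self._call("GET", f"/auth/admin/realms/{REALM}/users?{query}"), username)
        query = urllib.parse.urlencode({"search": ADMIN_GROUP})
        group = pick_group(self._call("GET", f"/auth/admin/realms/{REALM}/groups?{query}"), ADMIN_GROUP)
        self._call("PUT", f"/auth/admin/realms/{REALM}/users/{user['id']}/groups/{group['id']}")
        return user["id"], group["id"]

    def enable_reset_password_email(self, smtp):
        """Keep Forgot Password on, turn on email verification and store the SMTP
        settings (RealmRepresentation.smtpServer keys: host, port, from, auth, ...)."""
        realm = self._call("GET", f"/auth/admin/realms/{REALM}")
        realm.update({"resetPasswordAllowed": True, "verifyEmail": True, "smtpServer": smtp})
        self._call("PUT", f"/auth/admin/realms/{REALM}", body=realm)
        return realm


if __name__ == "__main__":
    # Usage sketch; the admin password comes from the kubectl command on the page.
    kc = KeycloakAdmin(BASE_URL, "keycloak", "<password-from-secret>")
    kc.login()
    print(kc.make_server_admin("<admin-user-you-signed-up>"))
```

The GET on /users is deliberately followed by an exact-match filter: Keycloak 9 treats the username parameter as a substring search, so a lookup for "admin" can also return "admin2", and joining the wrong account to the Admins group would grant server administration to the wrong person.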

Password policy

By default, the testserver realm has a password policy where the minimum length of a password is 8. As an administrator, you can update password policies in Keycloak.

After you log in to the Keycloak Admin Console, see Password Policies in the Keycloak documentation.

User password

If you did not enable Keycloak to send instructions to a user about how to reset a password, you must use the Keycloak Admin Console to change their password for them.

After you log in to the Keycloak Admin Console, see User Credentials in the Keycloak documentation.
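The realm's password policy and the administrator-set password from the two sections above (Password policy and User password) meet when you reset a password for a user: Keycloak rejects a value that violates the policy. The following added example, not IBM code and not part of the product, parses a Keycloak policy string such as "length(12) and digits(1)" into its built-in rule keywords, checks a candidate password locally against the rules that can be evaluated client-side, and only then builds the body for the Admin REST reset-password call (PUT /auth/admin/realms/{realm}/users/{id}/reset-password). The rule names and their defaults (length 8, one character for the character-class rules) are Keycloak's built-in policy providers; the HTTP call itself is not repeated here.

```python
# Added example (not IBM product code): validate a proposed password against a
# Keycloak passwordPolicy string before calling the reset-password endpoint.
import re

# Keycloak's built-in defaults when a rule is listed without an argument.
DEFAULTS = {"length": 8, "digits": 1, "upperCase": 1, "lowerCase": 1, "specialChars": 1}
CLAUSE_RE = re.compile(r"^(?P<name>[A-Za-z]+)(?:\((?P<arg>[^)]*)\))?$")


def parse_policy(policy: str) -> dict:
    """'length(12) and digits(1) and notUsername' ->
    {'length': 12, 'digits': 1, 'notUsername': None}. Clauses are joined by ' and '."""
    rules = {}
    for clause in (p.strip() for p in policy.split(" and ")):
        if not clause:
            continue
        match = CLAUSE_RE.match(clause)
        if not match:
            raise ValueError(f"unrecognised policy clause: {clause!r}")
        arg = match.group("arg")
        rules[match.group("name")] = int(arg) if arg else None
    return rules


def check_password(password: str, rules: dict, username: str = None) -> list:
    """Return the names of violated rules; an empty list means the password passes
    every rule that can be checked locally."""
    counts = {
        "length": len(password),
        "digits": sum(c.isdigit() for c in password),
        "upperCase": sum(c.isupper() for c in password),
        "lowerCase": sum(c.islower() for c in password),
        "specialChars": sum(not c.isalnum() for c in password),
    }
    violations = []
    for name, arg in rules.items():
        if name in counts:
            minimum = arg if arg is not None else DEFAULTS[name]
            if counts[name] < minimum:
                violations.append(name)
        elif name == "maxLength":
            if arg is not None and len(password) > arg:
                violations.append(name)
        elif name == "notUsername":
            if username is not None and password.lower() == username.lower():
                violations.append(name)
        # passwordHistory, hashIterations, regexPattern and similar rules need
        # server-side state and are left to Keycloak to enforce.
    return violations


def reset_password_body(password: str, rules: dict, username: str = None, temporary: bool = True) -> dict:
    """Body for PUT /auth/admin/realms/{realm}/users/{id}/reset-password.
    temporary=True forces the user to choose a new password at next login."""
    violated = check_password(password, rules, username)
    if violated:
        raise ValueError("password violates policy: " + ", ".join(violated))
    return {"type": "password", "value": password, "temporary": temporary}


if __name__ == "__main__":
    # Constructed values: the realm's default policy as stated on the page.
    rules = parse_policy("length(8)")
    print(check_password("short", rules))          # ['length']
    print(reset_password_body("Temp-password-1", rules, username="alice"))
```

Setting temporary to true is the sensible default for an administrator-chosen password: the user is forced to pick their own at the next login, so the value you typed into the console does not remain a long-lived credential.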

User deletion

When a user is inactive or no longer needs to access the server, you can delete that user.

After you log in to the Keycloak Admin Console, see Deleting Users in the Keycloak documentation.