How to Add an User in WildFly

If you are an administrator of a Wildfly server, you may need to add new users to the server for authentication and authorization purposes. This short tutorial will teach you how to Add a management user with WildFly Application Server.

The add-user.sh script is a command-line tool that allows you to add new users to Wildfly, including specifying their roles and credentials. this script is in the JBOSS_HOME/bin folder.

Launch the script:

wildfly admin console password wildfly admin console password

  1. Select the default option β€œa” to add a Management user.
  2. This user will belong to the ManagementRealm. Therefore it will be able to perform management operations using the web-based Admin Console or the CLI (command-line interface). The other choice, b, adds a user to the ApplicationRealm,
  3. Enter the username and password.
  4. Then, enter group information.
  5. Add the group or groups to which the user belongs. If the user belongs to multiple groups, enter a comma-separated list. Leave it blank if you do not want the user to belong to any groups.
  6. Review the information and to confirm type yes.

Here is a transcript which summarizes these steps:

$ ./add-user.sh 

What type of user do you wish to add? 
 a) Management User (mgmt-users.properties) 
 b) Application User (application-users.properties)
(a): a

Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username : admin123
Password recommendations are listed below. To modify these restrictions edit the add-user.properties configuration file.
 - The password should be different from the username
 - The password should not be one of the following restricted values {root, admin, administrator}
 - The password should contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s)
Password : 
Re-enter Password : 
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[  ]: 
About to add user 'admin123' for realm 'ManagementRealm'
Is this correct yes/no? yes
Added user 'admin123' to file '/home/francesco/jboss/wildfly-16.0.0.Final/standalone/configuration/mgmt-users.properties'
Added user 'admin123' to file '/home/francesco/jboss/wildfly-16.0.0.Final/domain/configuration/mgmt-users.properties'
Added user 'admin123' with groups  to file '/home/francesco/jboss/wildfly-16.0.0.Final/standalone/configuration/mgmt-groups.properties'
Added user 'admin123' with groups  to file '/home/francesco/jboss/wildfly-16.0.0.Final/domain/configuration/mgmt-groups.properties'
Is this new user going to be used for one AS process to connect to another AS process? 
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? yes
To represent the user add the following to the server-identities definition <secret value="UGFzc3dvcmQxMjM=" />

Adding a WildFly User in non-interactive ways

It is also possible to add management and application users just by running a shell command. For example:

How to create a management user in the Default Realm

$ ./add-user.sh -u 'adminuser1' -p 'password1!' 

How to create an Application user belonging to a single group:

$ ./add-user.sh -a -u 'appuser1' -p 'password1!' -g 'guest'

Create an Application user belonging to multiple groups:

$ ./add-user.sh -a -u 'appuser1' -p 'password1!' -g 'guest,app1group,app2group'

How to create an Application user belonging to single group using alternate properties files:

$ ./add-user.sh -a -u appuser1 -p password1! -g app1group -sc /home/username/userconfigs/ -up appusers.properties -gp appgroups.properties 

Management users using other Realms

This tutorial discussed the basics of adding an user with the default FileSystem Security Realm. In realm world cases, you will probably be using a more robust Realm to store your management users.

To learn how to secure the Management interfaces using other realms (such as Database Realm) we recommend checking this article: Securing JBoss / WildFly Management Interfaces: the easy way