Administrator Initial Password

Last modified 24 Jan 2024 12:52 +01:00
Since 4.8.1
This functionality is available since version 4.8.1.

Since version 4.8.1 MidPoint distribution does not come with default administrator password 5ecr3t, but rather provides several ways to set initial password or if initial password is not set, password is generated.

Using Generated Password

If clean installation of midPoint is started without any configuration for initial password, during first run of midPoint password will be generated and printed out in the logs.

To obtain it, you should start your midPoint instance and search logs for Administrator initial password. The password may contain spaces, so it is enclosed with double qoutes. Do not forget to remove qoutes.

after first login to Administrator account change the password, or disable built-in administrator, because initial password may still be present in logs or environment variables after some time.
Obtaining password from logs:
$ grep "Administrator initial password" var/log/midpoint.log (1)
2024-01-24 11:21:35,392 [] [main] WARN (com.evolveum.midpoint.init.DataImport): Administrator initial password (except double quotes): "Ec5s !f7a" (2)
1 Searching logs using grep for initial password
2 The initial password is Ec5s !f7a (you should copy it without leading and trailing qoutes)

Setup of initial password

Initial password must conform to default password policy, otherwise administrator user will not be created.

You can configure initial password:

Default Password Policy

Default password policy is stricter since midPoint 4.8.1 and following are the requirements for password:

  • length: 8 - 14 characters

  • at least one uppercase letter

  • at least one lowercase letter

  • at least one number

  • you can use also special characters

Using environment variable

Setting initial password using environment variable provides most possibilites and it is also compatible also with Docker conventions.

You need to set environment variable MP_SET_midpoint_administrator_initialPassword to value of initial password.

This is useful for developers also, they can configure their environment variables to store default midPoint password so it will not change with any new run.
Shell
export MP_SET_midpoint_administrator_initialPassword=Test5ecr3t
bin/midpoint.sh start

Docker Examples

Docker
docker run evolveum/midpoint ... -E MP_SET_midpoint_administrator_initialPassword=Test5ecr3t ...
Docker Compose
version: "3.3"
services:
  midpoint:
    image: evolveum/midpoint
    environment:
      MP_SET_midpoint_administrator_initialPassword: Test5ecr3t
    ...

Using java property

It is possible to also set default initial password using java property midpoint.administrator.initialPassword.

bin/midpoint.sh start -Dmidpoint.administrator.initialPassword=Test5ecr3t

Using config.xml

If any of previous methods does not work for you, it is possible to setup initial password using config.xml, which contains also other infrastructure passwords.

  1. config.xml

<configuration>
    <midpoint>
        ....
        <administrator>
          <initialPassword>xml5ecr3t</initialPassword>
        </administrator>
    </midpoint>
</configuration>
Was this page helpful?
YES NO
Thanks for your feedback