[keycloak-dev] realm import/upload implemented

Stian Thorgersen stian at redhat.com
Thu Dec 19 11:03:27 EST 2013



----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Thursday, 19 December, 2013 3:49:00 PM
> Subject: Re: [keycloak-dev] realm import/upload implemented
> 
> Ya, I was talking solely about private keys and credentials.
> 
> I think a "full" export might also be needed for migration.  For example
> if the persistence model changes between Keycloak 1.0 and Keycloak 2.0
> or users want to completely change their backend database type, i.e.
> RDBMS - Mongo.

+1

> 
> 
> On 12/19/2013 10:41 AM, Stian Thorgersen wrote:
> > If someone can access the REST endpoints they can quite easily do an
> > "export" themselves.
> >
> > What should not be exposed through the REST endpoints is the private key or
> > any credentials. So an export will not work fully. Export/import would
> > require re-generating keys + resetting all user/app/client passwords. Even
> > hashed passwords can be cracked so we shouldn't have a REST endpoint
> > exposing them.
> >
> > ----- Original Message -----
> >> From: "Bill Burke" <bburke at redhat.com>
> >> To: keycloak-dev at lists.jboss.org
> >> Sent: Thursday, 19 December, 2013 2:14:15 PM
> >> Subject: Re: [keycloak-dev] realm import/upload implemented
> >>
> >>
> >>
> >> On 12/19/2013 3:42 AM, Stian Thorgersen wrote:
> >>>
> >>>
> >>> ----- Original Message -----
> >>>> From: "Marek Posolda" <mposolda at redhat.com>
> >>>> To: "Gabriel Cardoso" <gcardoso at redhat.com>
> >>>> Cc: keycloak-dev at lists.jboss.org
> >>>> Sent: Thursday, 19 December, 2013 5:50:57 AM
> >>>> Subject: Re: [keycloak-dev] realm import/upload implemented
> >>>>
> >>>> I wonder if we also want to support exporting existing realms to a JSON
> >>>> file in the admin console? Might be useful especially for migration
> >>>> between environments (from stage to production etc.)
> >>>
> >>> +1
> >>>
> >>
> >> I thought about this long ago, that any export facility should only be
> >> available locally and not remotely.  Maybe I'm just overparanoid?
> >>
> >> Bill
> >>
> >>
> >> --
> >> Bill Burke
> >> JBoss, a division of Red Hat
> >> http://bill.burkecentral.com
> >>
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 
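
The constraint discussed in this thread (a remote export must leave out the private key and all credentials, so an import has to regenerate keys and reset passwords) can be sketched as follows. This is an added example, not code from the thread or from Keycloak; the field names privateKey, credentials and secret, the helper names and the sample realm are assumptions made for illustration.

```python
import copy

# Assumed field names for illustration only; not taken from Keycloak's schema.
SECRET_FIELDS = {"privateKey", "credentials", "secret"}

def redact(node, path, removed):
    """Recursively drop secret fields in place, recording each removed path."""
    if isinstance(node, dict):
        for key in list(node):
            child_path = f"{path}.{key}" if path else key
            if key in SECRET_FIELDS:
                del node[key]
                removed.append(child_path)
            else:
                redact(node[key], child_path, removed)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            redact(item, f"{path}[{i}]", removed)

def safe_export(realm):
    """Return (export, followups): a secret-free copy of the realm plus the
    re-provisioning steps an importer must perform for the withheld secrets."""
    export = copy.deepcopy(realm)  # never mutate the live realm object
    removed = []
    redact(export, "", removed)
    followups = []
    for p in removed:
        if p.endswith("privateKey"):
            followups.append(f"regenerate key pair ({p})")
        else:
            followups.append(f"reset password/secret ({p})")
    return export, followups

# Constructed sample realm with placeholder values, not real data.
SAMPLE_REALM = {
    "realm": "demo",
    "publicKey": "PUBLIC-PLACEHOLDER",
    "privateKey": "PRIVATE-PLACEHOLDER",
    "users": [
        {"username": "alice",
         "credentials": [{"type": "password", "value": "hash-placeholder"}]},
    ],
    "applications": [{"name": "app1", "secret": "app-secret-placeholder"}],
}

if __name__ == "__main__":
    export, todo = safe_export(SAMPLE_REALM)
    print(export)
    print("\n".join(todo))
```

The follow-up list is what makes such an export "not work fully": every withheld secret becomes a manual step on the importing side.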

