[keycloak-dev] Reset admin password

Stian Thorgersen stian at redhat.com
Fri May 22 08:56:55 EDT 2015



----- Original Message -----
> From: "Stan Silvert" <ssilvert at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Friday, 22 May, 2015 2:46:59 PM
> Subject: [keycloak-dev] Reset admin password
> 
> We need a way to reset the admin password in case it is lost or
> hijacked.  The proposal is to do that through an operation on the
> keycloak-server-subsystem that only runs in "offline CLI" mode.
> 
> First, we currently allow you to delete the admin user.  Should we
> disallow that and make the master admin user permanent?

Interesting question - quick answer, not sure!

There are all sorts of things that can be deleted that'll currently screw things up royally! For example deleting admin related roles and clients. Created https://issues.jboss.org/browse/KEYCLOAK-1340 for this.

For admin user maybe rather than a reset admin password option, we should have a reset admin account option?

> 
> Should the new operation only work on the master admin password or can
> it be applied to any user in any realm?

+1 To just admin
