[keycloak-dev] Reset admin password

Leonardo Loch Zanivan leonardo.zanivan at gmail.com
Fri May 22 11:27:06 EDT 2015 

I think it's possible to rename/delete master realm...

On Fri, May 22, 2015 at 12:25 PM Marek Posolda <mposolda at redhat.com> wrote:

> On 22.5.2015 14:56, Stian Thorgersen wrote:
> >
> > ----- Original Message -----
> >> From: "Stan Silvert" <ssilvert at redhat.com>
> >> To: keycloak-dev at lists.jboss.org
> >> Sent: Friday, 22 May, 2015 2:46:59 PM
> >> Subject: [keycloak-dev] Reset admin password
> >>
> >> We need a way to reset the admin password in case it is lost or
> >> hijacked.  The proposal is to do that through an operation on the
> >> keycloak-server-subsystem that only runs in "offline CLI" mode.
> >>
> >> First, we currently allow you to delete the admin user.  Should we
> >> disallow that and make the master admin user permanent?
> > Interesting question - quick answer, not sure!
> >
> > There are all sorts of things that can be deleted that'll currently
> screw things up royally! For example deleting admin related roles and
> clients. Created https://issues.jboss.org/browse/KEYCLOAK-1340 for this.
> Similar issue pointed some time ago by Petr Mensik from QA team: if you
> change SSO session max lifespan timeout for example to 1 second, you are
> immediately logged out from admin console and you're not able to login
> again (More accurately you are able to login, but you're logged out
> immediately due to session timeout).
>
> There are likely bunch of similar things and not sure if we can handle
> all of them. Question is if these are not just "theoretic" issues? I
> can't remember any user complain on ML that he accidentally broke his
> keycloak DB by delete/configure something strange in admin console.
>
> Marek
> >
> > For admin user maybe rather than a reset admin password option, we
> should have a reset admin account option?
> >
> >> Should the new operation only work on the master admin password or can
> >> it be applied to any user in any realm?
> > +1 To just admin
> >
> >>
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20150522/9cb73b78/attachment.html

More information about the keycloak-dev mailing list