[keycloak-dev] Batch import/export

Stian Thorgersen sthorger at redhat.com
Wed Oct 21 06:00:34 EDT 2015


Those are nice additional options we could have. Simply have a checkbox to
re-generate realm keys and another checkbox to re-generate client secrets
(if a client is using jwt auth then we shouldn't re-generate the keys for
the client as we don't store the private key).

On 21 October 2015 at 10:06, Thomas Raehalme <
thomas.raehalme at aitiofinland.com> wrote:

> I think all of these sound useful!
>
> May I suggest another useful option when importing realm or client, which
> is to re-generate keys and secrets?
>
> Best regards,
> Thomas
>
> On Wed, Oct 21, 2015 at 11:00 AM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> After your last email with regards to removing the import button from
>> client create page I had an idea.
>>
>> How about we do the following:
>>
>>
>> Import/export single
>> --------------------------
>> On realm, client, identity provider and user federation create pages we
>> add the import button. This will prefill the form and let the user review
>> before importing. This is how realm and client works now. We'd also add a
>> link to export a single entity when displaying it in the admin console
>> (next to the delete icon).
>>
>> Batch export
>> -----------------
>> When exporting a realm you can select what you want to export. The option
>> would include realm settings, clients, identity brokers, user federation,
>> users, credentials. Further there would be an option if export would be
>> done to a file or a json download. If export to file is selected you would
>> get the option to export credentials for users, if json download is
>> selected that option would be disabled.
>>
>> Batch import
>> -----------------
>> We should have options to import a realm as well as import into an
>> existing realm. For this we should have an option to select what happens if
>> resources exists (for example client with client-id exists, or user with
>> username exists). Options could be replace, skip, warn, error, etc..
>>
>>
>> Finally I was also thinking about an option where we'd have a import
>> directory on the server. Any files in this would be imported on startup.
>> Once imported we'd add a "<filename>.imported" or "<filename>.failed". Same
>> here it would be nice to be able to somehow specify the strategy if the
>> resource exists.
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151021/617a965f/attachment.html 


More information about the keycloak-dev mailing list