[keycloak-user] out of box experiences and automation

Pavel Maslov pavel.masloff at gmail.com
Thu Dec 17 11:20:31 EST 2015


Hey Dong,

Take a look at my Docker image [1], particularly at this line:

RUN /opt/jboss/keycloak/bin/add-user.sh -u admin -p admin

[1] https://github.com/maslick/keycloak-docker

Regards,
Pavel Maslov, MS

On Thu, Dec 17, 2015 at 5:05 PM, Dong Xie <xied75 at gmail.com> wrote:

> Keycloak is deployed as a Docker container into the cloud. Once the container
> starts, the Keycloak server starts; I can’t stop it being called or call
> the script before the container starts, unless I bother to make a
> customised Docker image, which is not ideal. Since there is no human action
> involved, no one will reset the admin password via browser, unless you mean
> I can call the REST API to fully set up the admin user. Also, when I add a new
> user, if I add it into the master realm it will be as powerful as admin, at
> least that’s what I observed? Therefore leaving the admin there is only going
> to be a security hole, and the best practice is to get rid of it as fast as I
> can.
>
> Best,
> Dong
>
> *From:* Stian Thorgersen
> *Sent:* 17 December 2015 15:57
> *To:* Dong Xie
> *Cc:* keycloak-user at lists.jboss.org
> *Subject:* Re: [keycloak-user] out of box experiences and automation
>
> You don't need to restart the server, you can call the script before
> starting the server in the first place.
>
> Why do you need to remove the admin? Do you not need to have at least one
> admin account on the server?
>
> What do you mean about init access token?
>
> On 17 December 2015 at 16:49, Dong Xie <xied75 at gmail.com> wrote:
>
> That’s exactly what I used, so before I can expose Keycloak to the
> world, I need to get into the node, call the script, restart the server, log in
> with the new admin, and call the REST API to remove the admin. Sounds like a
> lot of work?
>
> Can we not config an init access token or something similar to smooth the
> thing, for our poor DevOps life?
>
> Any help would be great!
>
> Best,
> Dong
>
> *From:* Stian Thorgersen
> *Sent:* 17 December 2015 15:41
> *To:* Dong Xie
> *Cc:* keycloak-user at lists.jboss.org
> *Subject:* Re: [keycloak-user] out of box experiences and automation
>
> From 1.7 you can add an admin user using the add-user script. See
> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e136
>
> On 17 December 2015 at 16:38, Dong Xie <xied75 at gmail.com> wrote:
>
> Dear all,
>
> I wonder how I can work around needing to browse the web page and log in
> with admin + admin to change the password? We are deploying Keycloak in an
> automated flow, thus no human interaction is expected.
>
> Thanks very much for your help!
>
> Best,
> Dong
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
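
Stian's suggestion in the thread above, calling the script before the server starts, sketched as a container entrypoint that takes the admin password from a runtime secret instead of the `-p admin` baked into an image layer. This is an added example, not code from the thread or from the Keycloak project; the `KEYCLOAK_ADMIN_USER` and `KEYCLOAK_ADMIN_PASSWORD_FILE` variable names, the marker file, the `--start` argument and the use of `standalone.sh` to start the server are assumptions.

```shell
#!/bin/sh
# Added example: create the Keycloak admin at container start from a runtime
# secret, so no credential is stored in the image.
# Assumptions (not from the thread): KEYCLOAK_ADMIN_USER and
# KEYCLOAK_ADMIN_PASSWORD_FILE, the marker file name, the --start argument,
# and standalone.sh as the server start script.
KEYCLOAK_HOME="${KEYCLOAK_HOME:-/opt/jboss/keycloak}"

# Read the password from a mounted secret file; fail if missing or empty.
read_admin_password() {
    pw_file="${KEYCLOAK_ADMIN_PASSWORD_FILE:-}"
    [ -n "$pw_file" ] && [ -r "$pw_file" ] || return 1
    pw=$(head -n 1 "$pw_file" | tr -d '\r')   # first line, CR stripped
    [ -n "$pw" ] || return 1
    printf '%s' "$pw"
}

# Reject well-known defaults and anything too short to be a generated secret.
password_acceptable() {
    case "$1" in
        admin|password|changeme) return 1 ;;
    esac
    [ "${#1}" -ge 16 ]
}

# Run add-user.sh once, before the server starts; the marker makes restarts no-ops.
bootstrap_admin() {
    marker="$KEYCLOAK_HOME/.admin-bootstrapped"
    [ -e "$marker" ] && return 0
    admin_pw=$(read_admin_password) || { echo "no admin password secret" >&2; return 2; }
    password_acceptable "$admin_pw" || { echo "admin password rejected" >&2; return 3; }
    "$KEYCLOAK_HOME/bin/add-user.sh" -u "${KEYCLOAK_ADMIN_USER:-admin}" -p "$admin_pw" || return 4
    : > "$marker"
}

# Entrypoint mode: bootstrap the admin, then hand PID 1 to the server.
if [ "${1:-}" = "--start" ]; then
    shift
    bootstrap_admin || exit $?
    exec "$KEYCLOAK_HOME/bin/standalone.sh" "$@"
fi
```

The password is still passed to `add-user.sh` as a command-line argument, so it is visible in the container's process list while the script runs.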