[keycloak-user] Admin's password override

Marek Posolda mposolda at redhat.com
Tue Mar 17 18:01:48 EDT 2015 

Hi Juca,

You can already change the default admin password by override 
KeycloakApplication class and init the default model in 
setupDefaultRealm. See for example: 
https://github.com/keycloak/keycloak/blob/master/project-integrations/aerogear-ups/auth-server/src/main/java/org/aerogear/ups/security/UpsSecurityApplication.java

Theoretically you can do anything you want in overriden class - for 
example save File with random content somewhere to the filesystem and 
set the value of initial admin password to this random content as you 
mentioned.

Marek

On 17.3.2015 17:51, Juraci Paixão Kröhling wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All,
>
> While it makes sense to ship with a default password for the admin
> user on Keycloak distributions, as it's reasonable to think that the
> admin is going to explore Keycloak right away, this expectation is not
> true for the situation where Keycloak is embedded into another
> product. I can imagine that the first time an "admin" will need to log
> into Keycloak's admin console when embedded into another product would
> be days/weeks after the initial setup.
>
> That said, I'm collecting ideas on how to solve this issue for
> Hawkular. The first and most intuitive solution I can think of is to
> import an users JSON file on the first boot, which would (in theory, I
> haven't tested) override the password for admin. This password would
> need to be stored in clear text somewhere in the system, but I believe
> the pros/cons are worth on this scenario (as this password will be
> valid only until the first login, so, days/weeks "only").
>
> Do you have better ideas? Or feedback on whether the mentioned
> approach would/wouldn't work? Or strong arguments against doing that?
>
> - - Juca.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEcBAEBAgAGBQJVCFuSAAoJEDnJtskdmzLMAWkH/juBqh3DlgQXPjU5CNubRzvI
> yst+2RhbESlMBxtcB+zXKLONbaiGOhdxdoAvg6qIq69WYZyYzYHEOFPMBLdZiN5D
> TZnNaGrBfsoJoMPmkNIs4YTJal8Gf3BRXrnRVjfIRI6D8TUpf+yVVEtd6/eGlajX
> tjTFWk7RgxmaNqPIaiBQONg1Ycx1GfE2NjSIo0CXcb13xix1Z/T2XzufTj8zGQru
> YiToATcX1kM27E3SgUax52pD9CtnQFrfkh7EeZsVciMM8yB/Fw0BAqSVxpBwza9b
> a7T5uynnk4AXxm4ZLFiclkqywgRpeeNpuhUngX1+02S8KlialFe+58CtXhjRPYs=
> =eea0
> -----END PGP SIGNATURE-----
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list