<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">I'm actually starting on the design and
implementation of this right now. It's import/export from the
admin console. It will also have the ability to import/export
partial pieces of a realm such as just users.<br>
<br>
Thanks for the comments so far on this thread. They have been
very helpful.<br>
<br>
We will keep the idea that no secrets should ever be exported from
admin console. I'm not sure that having a flag for it in
keycloak-server.json helps. To edit keycloak-server.json, you
need access to the server, in which case you might as well do the
current import/export.<br>
<br>
So what do you do after you import a user with no credentials?
Some ideas:<br>
* The administrator can reset the password manually.<br>
* The user can do password recovery (if enabled)<br>
<br>
An other ideas?<br>
<br>
Stan<br>
<br>
On 10/5/2015 12:34 PM, Tim Dudgeon wrote:<br>
</div>
<blockquote cite="mid:5612A6B3.3010307@gmail.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
That's a good point. Having to stop/start the server to generate
an export is not ideal.<br>
<br>
Tim <br>
<br>
<div class="moz-cite-prefix">On 05/10/2015 11:56, Thomas Raehalme
wrote:<br>
</div>
<blockquote
cite="mid:CAPyAMobO-uieDFk8CmL5rDB+r9rAFqN9z7hWx9pX8ejLmBSA1A@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Oct 5, 2015 at 2:47 AM,
Bill Burke <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><span
class="">On 10/4/2015 5:37 PM, Thomas Raehalme wrote:<br>
</span>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><span
class=""> <br>
On Oct 4, 2015 23:57, "Bill Burke" <<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:bburke@redhat.com">bburke@redhat.com</a><br>
</span><span class=""> <mailto:<a
moz-do-not-send="true"
href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>>>
wrote:<br>
><br>
> For security reasons we did not want to have a
remote option to export.<br>
<br>
</span></blockquote>
</blockquote>
<div><br>
</div>
<div>How about just storing the export as a local file on
the server? You'd need access to the server in order to
get the file (making the system compromised anyways).
The change to current behaviour is that you would be
able to trigger the export at will without server
restart.<br>
</div>
<div><br>
Best regards,<br>
</div>
<div>Thomas<br>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>