<div dir="ltr">Why do you say Keycloak and Keycloak Docker image are two different projects? Keycloak Docker image is provided and maintained by the Keycloak team and is as such part of the Keycloak project itself.</div><div class="gmail_extra"><br><div class="gmail_quote">On 17 December 2015 at 18:01, Pavel Maslov <span dir="ltr"><<a href="mailto:pavel.masloff@gmail.com" target="_blank">pavel.masloff@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Dong, note that Keycloak and Keycloak Docker image are two different projects. You can, however, customize the official docker image depending on your requirements. </div><div class="gmail_extra"><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div style="font-family:arial;font-size:small"><div dir="ltr"><font color="#888888">Regards,<br>Pavel Maslov, MS</font></div></div></div></div></div></div></div><div><div class="h5">
<br><div class="gmail_quote">On Thu, Dec 17, 2015 at 5:48 PM, Dong Xie <span dir="ltr"><<a href="mailto:xied75@gmail.com" target="_blank">xied75@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-GB" link="blue" vlink="#954F72"><div><p class="MsoNormal">That is great news, when is 1.8 release time?</p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Also is it possible to take ENV var to enable SSL and take the configuration of certs files via a container volume? Hope those have been in the plan, if not I’m happy to raise the issue in JIRA and see if I can contribute towards it.</p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Best regards,</p><span><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Dong<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Sent from <a href="http://go.microsoft.com/fwlink/?LinkId=550986" target="_blank">Mail</a> for Windows 10</p><p><u></u> <u></u></p><p><u></u> <u></u></p></span><div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm 0cm 0cm"><p class="MsoNormal" style="border:none;padding:0cm"><br><b>From: </b>Stian Thorgersen<br><b>Sent: </b>17 December 2015 16:43</p><div><div><br><b>To: </b>Dong Xie<br><b>Cc: </b><a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br><b>Subject: </b>Re: [keycloak-user] out of box experiences and automation</div></div><p></p></div><div><div><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><u></u> <u></u></span></p><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">We will soon remove the built-in admin/admin user account. 
For the Docker image you will either have to:</span><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><u></u><u></u></span></p><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><u></u> <u></u></span></p></div><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">1. Pass the admin username and password with environment variables<u></u><u></u></span></p></div><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">2. Access via localhost (port forwarding) to create an initial user account<u></u><u></u></span></p></div><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><u></u> <u></u></span></p></div><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">That'll be added in 1.8.<u></u><u></u></span></p></div></div><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><u></u> <u></u></span></p><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">On 17 December 2015 at 17:05, Dong Xie <<a href="mailto:xied75@gmail.com" target="_blank">xied75@gmail.com</a>> wrote:<u></u><u></u></span></p><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm"><div><div><p class="MsoNormal">Keycloak is deployed as docker container into cloud, once the container starts, the keycloak server starts, I can’t stop it being called or call the script before the container starts, unless I bother to make a customised docker image, which is not ideal. Since there is no human action involved, no one will reset the admin password via browser, unless you mean I can call REST API to fully setup admin user. Also when I add new user if I add it into master realm it will be as powerful as admin, at least that’s what I observed? 
Therefore leaving the admin there is only going to be a security hole, and the best practice is to get rid of it as fast as I can.<u></u><u></u></p><p class="MsoNormal"> </p><p class="MsoNormal">Best,</p><p class="MsoNormal"> </p><p class="MsoNormal">Dong</p><p class="MsoNormal"> </p><p class="MsoNormal">Sent from <a href="http://go.microsoft.com/fwlink/?LinkId=550986" target="_blank">Mail</a> for Windows 10</p><p> </p><p> </p><div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm 0cm 0cm"><p class="MsoNormal"><br><b>From: </b>Stian Thorgersen<br><b>Sent: </b>17 December 2015 15:57</p><div><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><br><b>To: </b>Dong Xie<br><b>Cc: </b><a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br><b>Subject: </b>Re: [keycloak-user] out of box experiences and automation<u></u><u></u></span></p></div></div></div><div><div><p class="MsoNormal"> <u></u><u></u></p><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"> </span></p><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">You don't need to restart the server, you can call the script before starting the server in the first place.</span></p><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"> </span></p></div><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">Why do you need to remove the admin? 
Do you not need to have at least one admin account on the server?</span></p></div><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"> </span></p></div><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">What do you mean about init access token?</span></p></div></div><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"> </span></p><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">On 17 December 2015 at 16:49, Dong Xie <<a href="mailto:xied75@gmail.com" target="_blank">xied75@gmail.com</a>> wrote:</span></p><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt"><div><div><p class="MsoNormal">That’s exactly what I used, so before I can expose the keycloak to the world, I need to get into the node, call the script, restart server, login with the new admin, calling REST api to remove the admin, sounds like a lot of work?</p><p class="MsoNormal"> </p><p class="MsoNormal">Can we not config an init access token or something similar to smooth the thing, for our poor DevOps life?</p><p class="MsoNormal"> </p><p class="MsoNormal">Any help would be great!</p><p class="MsoNormal"> </p><p class="MsoNormal">Best,</p><p class="MsoNormal"> </p><p class="MsoNormal">Dong</p><p class="MsoNormal"> </p><p class="MsoNormal">Sent from <a href="http://go.microsoft.com/fwlink/?LinkId=550986" target="_blank">Mail</a> for Windows 10</p><p> </p><p> </p><div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm 0cm 0cm"><p class="MsoNormal"><br><b>From: </b>Stian Thorgersen<br><b>Sent: </b>17 December 2015 15:41<br><b>To: </b>Dong Xie<br><b>Cc: </b><a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br><b>Subject: </b>Re: [keycloak-user] out of box experiences and 
automation</p></div><div><div><p class="MsoNormal"> </p><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"> </span></p><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">From 1.7 you can add an admin user using the add-user script. See <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e136" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e136</a></span></p></div><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"> </span></p><div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">On 17 December 2015 at 16:38, Dong Xie <<a href="mailto:xied75@gmail.com" target="_blank">xied75@gmail.com</a>> wrote:</span></p><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt"><div><div><p class="MsoNormal">Dear all,</p><p class="MsoNormal"> </p><p class="MsoNormal">I wonder how do I work around needing to browse the web page and login with admin + admin to change the password? 
We are deploying keycloak in an automated flow thus no human interaction is expected.</p><p class="MsoNormal"> </p><p class="MsoNormal">Thanks very much for your help!</p><p class="MsoNormal"> </p><p class="MsoNormal">Best,</p><p class="MsoNormal"> </p><p class="MsoNormal">Dong</p><p class="MsoNormal"> </p><p class="MsoNormal">Sent from <a href="http://go.microsoft.com/fwlink/?LinkId=550986" target="_blank">Mail</a> for Windows 10</p></div></div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><br>_______________________________________________<br>keycloak-user mailing list<br><a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br><a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></span></p></blockquote></div></div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"> </span></p><p class="MsoNormal"> </p><p class="MsoNormal"> </p></div></div></div></div></blockquote></div></div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"> </span></p><p class="MsoNormal"> </p><p class="MsoNormal"> </p></div></div></div></div></blockquote></div></div><p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><u></u> <u></u></span></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal"><u></u> 
<u></u></p></div></div></div></div></blockquote></div><br></div></div></div>
</blockquote></div><br></div>
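<div dir="ltr">Added example, not part of the thread and not the Keycloak project's own script: one way to use option 1 above (admin username and password passed to the Docker image through environment variables) in an unattended deployment without putting the password on a command line. The variable names KEYCLOAK_USER and KEYCLOAK_PASSWORD, the image name jboss/keycloak, the port mapping and the file name keycloak-admin.env are assumptions; the thread names none of them.</div>

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: KEYCLOAK_USER,
# KEYCLOAK_PASSWORD, image jboss/keycloak, env file keycloak-admin.env.

# 24 random bytes -> 32 URL-safe base64 characters, no padding or newline.
gen_password() {
    head -c 24 /dev/urandom | base64 | tr '+/' '-_' | tr -d '=\n'
}

# Write the bootstrap admin credentials to an env file only the owner can read.
# usage: write_admin_env_file FILE USERNAME
write_admin_env_file() {
    env_file=$1
    admin_user=$2
    if [ -z "$env_file" ] || [ -z "$admin_user" ]; then
        echo "usage: write_admin_env_file FILE USERNAME" >&2
        return 1
    fi
    old_umask=$(umask)
    umask 077                      # the new file is created with mode 0600
    rm -f "$env_file"              # never reuse a file with looser permissions
    printf 'KEYCLOAK_USER=%s\nKEYCLOAK_PASSWORD=%s\n' \
        "$admin_user" "$(gen_password)" > "$env_file"
    umask "$old_umask"
}

# Print the container start command. The password is referenced through
# --env-file, so it never appears in argv, shell history or CI job logs.
# It is still visible to anyone who can run `docker inspect` on the container.
docker_cmd() {
    printf 'docker run -d --env-file %s -p 8080:8080 jboss/keycloak\n' "$1"
}

# Stand-alone use: sh bootstrap.sh run [USERNAME]
if [ "${1:-}" = "run" ]; then
    write_admin_env_file keycloak-admin.env "${2:-kc-bootstrap}" || exit 1
    docker_cmd keycloak-admin.env
fi
```

The env file is read when the container is created, so it can be moved into a secret store and deleted from the host once the container is up.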