Re: [keycloak-dev] Default admin password
It would be nice to extract the ApplianceBootstrap into a keycloak-boostrapping.json file.
That would let AeroGear and LiveOak modify this file instead of having to extend the
KeycloakApplication. It would be nice if AeroGear and LiveOak had to maintain less
redundancy in the future. At the moment they both have to build their own custom WAR,
maintaining all dependencies, web.xml, persistence.xml, extending KeycloakApplication,
etc. I think we could make this simpler by adding the WAR to Maven, then have Maven remove
whatever dependencies AeroGear doesn't use, replace the keycloak-boostrapping.json,
and that's it.
The initial password is only used on first boot, so the server config file isn't
suitable.
----- Original Message -----
From: "Marek Posolda" <mposolda(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Wednesday, 28 May, 2014 9:27:04 AM
Subject: [keycloak-dev] Default admin password
Currently there are many things for initialization of master realm
hardcoded in ApplianceBootstrap including the initial password of admin
user. Maybe it's not so big issue as user is required to change admin
password after first login, but still it's not ideal IMO because if
someone access admin console faster than you, he can change admin
password and gain full admin access.
I wonder if we can improve this? At least adding initial admin password
into keycloak-server.json may help a bit as people can change default
value from "admin" to something else. wdyt?
Marek
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev