Currently there are many things for initialization of master realm hardcoded in ApplianceBootstrap including the initial password of admin user. Maybe it's not so big issue as user is required to change admin password after first login, but still it's not ideal IMO because if someone access admin console faster than you, he can change admin password and gain full admin access. I wonder if we can improve this? At least adding initial admin password into keycloak-server.json may help a bit as people can change default value from "admin" to something else. wdyt? Marek _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev

It would be nice to extract the ApplianceBootstrap into a keycloak-boostrapping.json file. That would let AeroGear and LiveOak modify this file instead of having to extend the KeycloakApplication. It would be nice if AeroGear and LiveOak had to maintain less redundancy in the future. At the moment they both have to build their own custom WAR, maintaining all dependencies, web.xml, persistence.xml, extending KeycloakApplication, etc. I think we could make this simpler by adding the WAR to Maven, then have Maven remove whatever dependencies AeroGear doesn't use, replace the keycloak-boostrapping.json, and that's it. The initial password is only used on first boot, so the server config file isn't suitable. ----- Original Message ----- > From: "Marek Posolda" <mposolda(a)redhat.com&gt; > To: keycloak-dev(a)lists.jboss.org > Sent: Wednesday, 28 May, 2014 9:27:04 AM > Subject: [keycloak-dev] Default admin password > > Currently there are many things for initialization of master realm > hardcoded in ApplianceBootstrap including the initial password of admin > user. Maybe it's not so big issue as user is required to change admin > password after first login, but still it's not ideal IMO because if > someone access admin console faster than you, he can change admin > password and gain full admin access. > > I wonder if we can improve this? At least adding initial admin password > into keycloak-server.json may help a bit as people can change default > value from "admin" to something else. wdyt? > > Marek > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev > _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev

From: "Bill Burke" <bburke(a)redhat.com&gt; To: keycloak-dev(a)lists.jboss.org Sent: Wednesday, 28 May, 2014 2:27:06 PM Subject: Re: [keycloak-dev] Default admin password While we're on the topic of making things easier. It would be cool if I could package up a theme in a jar (like web fragments) and not have to do any coding like I had to do to add a theme to the aerogear example. On 5/28/2014 4:47 AM, Stian Thorgersen wrote: > It would be nice to extract the ApplianceBootstrap into a > keycloak-boostrapping.json file. That would let AeroGear and LiveOak > modify this file instead of having to extend the KeycloakApplication. It > would be nice if AeroGear and LiveOak had to maintain less redundancy in > the future. At the moment they both have to build their own custom WAR, > maintaining all dependencies, web.xml, persistence.xml, extending > KeycloakApplication, etc. I think we could make this simpler by adding the > WAR to Maven, then have Maven remove whatever dependencies AeroGear > doesn't use, replace the keycloak-boostrapping.json, and that's it. > > The initial password is only used on first boot, so the server config file > isn't suitable. > > ----- Original Message ----- >> From: "Marek Posolda" <mposolda(a)redhat.com&gt; >> To: keycloak-dev(a)lists.jboss.org >> Sent: Wednesday, 28 May, 2014 9:27:04 AM >> Subject: [keycloak-dev] Default admin password >> >> Currently there are many things for initialization of master realm >> hardcoded in ApplianceBootstrap including the initial password of admin >> user. Maybe it's not so big issue as user is required to change admin >> password after first login, but still it's not ideal IMO because if >> someone access admin console faster than you, he can change admin >> password and gain full admin access. >> >> I wonder if we can improve this? At least adding initial admin password >> into keycloak-server.json may help a bit as people can change default >> value from "admin" to something else. wdyt? >> >> Marek >> _______________________________________________ >> keycloak-dev mailing list >> keycloak-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-dev >> > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev