----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Sent: Friday, 1 August, 2014 2:23:39 PM
Subject: Re: [keycloak-dev] delete users on federation removal?
On 8/1/2014 4:18 AM, Stian Thorgersen wrote:
> ----- Original Message -----
>> From: "Bill Burke" <bburke(a)redhat.com>
>> To: keycloak-dev(a)lists.jboss.org
>> Sent: Thursday, 31 July, 2014 11:01:12 PM
>> Subject: Re: [keycloak-dev] delete users on federation removal?
>> Ya, this is quite hairy. You'll have to set the REQUIRED ACTION to
>> reset all credentials handled by the federation provider.
>> Unfortunately, you can now only set one required action per user :(
> You can still set multiple. The user has a Set<RequiredAction> and we even
> have a test that checks users with multiple actions
Ugh, I'm really sorry. I think I remembered you saying you were going
to switch it to one action, looked at the code quickly and missed the
Set<RequiredAction> method on UserModel...I AM LOSING MY MIND!!!!
Honest mistake, I switched the authorization code so it's only valid for one action at
a time. So if a user has multiple required actions, the code will be set to the first one,
then the user redirect to that action page, then the code will be updated with the new
action + timestamp refreshed, redirected to next action page, etc.. Keeping the spirit of
code is a one-time-thing alive ;)
Still not sure what to do about credentials though. We can't have open
accounts that can be reset without specifying old password. We could
send out an email maybe.
Must be deferred to post 1.0.final.
+1 To deferre it
One related thing I think we'll need is the ability to do batch updates to users. For
example an admin may want to:
* Require a group of users to update their password
* Disable a group of users
* Add a role to a group of users
Not sure how the admin would specify the group though, maybe by role?
JBoss, a division of Red Hat