Hey Dong,

Take a look at my Docker image [1], particularly at this line:

RUN /opt/jboss/keycloak/bin/add-user.sh -u admin -p admin

[1] https://github.com/maslick/keycloak-docker

Regards,
Pavel Maslov, MS

On Thu, Dec 17, 2015 at 5:05 PM, Dong Xie <xied75@gmail.com> wrote:

Keycloak is deployed as docker container into cloud, once the container starts, the keycloak server starts, I can’t stop it being called or call the script before the container starts, unless I bother to make a customised docker image, which is not ideal. Since there is no human action involved, no one will reset the admin password via browser, unless you mean I can call REST API to fully setup admin user. Also when I add new user if I add it into master realm it will be as powerful as admin, at least that’s what I observed? Therefore leaving the admin there is only going to be a security hole, and the best practice is to get rid of as fast as I can.

 

Best,

 

Dong

 

Sent from Mail for Windows 10

 

 


From: Stian Thorgersen
Sent: 17 December 2015 15:57


To: Dong Xie
Cc: keycloak-user@lists.jboss.org
Subject: Re: [keycloak-user] out of box experiences and automation

 

 

You don't need to restart the server, you can call the script before starting the server in the first place.

 

Why do you need to remove the admin? Do you not need to have at least one admin account on the server.

 

What do you mean about init access token?

 

On 17 December 2015 at 16:49, Dong Xie <xied75@gmail.com> wrote:

That’s exactly what I used, so before I can expose the keycloak to the world, I need to get into the node, call the script, restart server, login with the new admin, calling REST api to remove the admin, sounds like a lot of work?

 

Can we not config an init access token or something similar to smooth the thing, for our poor DevOps life?

 

Any help would be great!

 

Best,

 

Dong

 

Sent from Mail for Windows 10

 

 


From: Stian Thorgersen
Sent: 17 December 2015 15:41
To: Dong Xie
Cc: keycloak-user@lists.jboss.org
Subject: Re: [keycloak-user] out of box experiences and automation

 

 

From 1.7 you can add a admin user using the add-user script. See http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e136

 

On 17 December 2015 at 16:38, Dong Xie <xied75@gmail.com> wrote:

Dear all,

 

I wonder how do I work around needing to browse the web page and login with admin + admin to change the password? We are deploying keycloak in an automated flow thus no human interaction is expected.

 

Thanks very much for your help!

 

Best,

 

Dong

 

Sent from Mail for Windows 10


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

 

 

 

 

 

 


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user