[keycloak-dev] Reset admin password

Stan Silvert ssilvert at redhat.com
Fri May 22 09:06:13 EDT 2015


On 5/22/2015 8:56 AM, Stian Thorgersen wrote:
>
> ----- Original Message -----
>> From: "Stan Silvert" <ssilvert at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Friday, 22 May, 2015 2:46:59 PM
>> Subject: [keycloak-dev] Reset admin password
>>
>> We need a way to reset the admin password in case it is lost or
>> hijacked.  The proposal is to do that through an operation on the
>> keycloak-server-subsystem that only runs in "offline CLI" mode.
>>
>> First, we currently allow you to delete the admin user.  Should we
>> disallow that and make the master admin user permanent?
> Interesting question - quick answer, not sure!
>
> There are all sorts of things that can be deleted that'll currently screw things up royally! For example deleting admin related roles and clients. Created https://issues.jboss.org/browse/KEYCLOAK-1340 for this.
>
> For admin user maybe rather than a reset admin password option, we should have a reset admin account option?
Depends on what "reset admin account" actually does.  I wouldn't want a 
"reset admin account" to change things that the user put there on 
purpose.  If you can reset the password and get into the account then 
you can go into the UI and change anything that doesn't look right.

>
>> Should the new operation only work on the master admin password or can
>> it be applied to any user in any realm?
> +1 To just admin
>
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>



More information about the keycloak-dev mailing list