[keycloak-dev] Reset admin password

Stian Thorgersen stian at redhat.com
Fri May 22 09:56:54 EDT 2015



----- Original Message -----
> From: "Stan Silvert" <ssilvert at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Friday, 22 May, 2015 3:06:13 PM
> Subject: Re: [keycloak-dev] Reset admin password
> 
> On 5/22/2015 8:56 AM, Stian Thorgersen wrote:
> >
> > ----- Original Message -----
> >> From: "Stan Silvert" <ssilvert at redhat.com>
> >> To: keycloak-dev at lists.jboss.org
> >> Sent: Friday, 22 May, 2015 2:46:59 PM
> >> Subject: [keycloak-dev] Reset admin password
> >>
> >> We need a way to reset the admin password in case it is lost or
> >> hijacked.  The proposal is to do that through an operation on the
> >> keycloak-server-subsystem that only runs in "offline CLI" mode.
> >>
> >> First, we currently allow you to delete the admin user.  Should we
> >> disallow that and make the master admin user permanent?
> > Interesting question - quick answer, not sure!
> >
> > There are all sorts of things that can be deleted that'll currently screw
> > things up royally! For example deleting admin related roles and clients.
> > Created https://issues.jboss.org/browse/KEYCLOAK-1340 for this.
> >
> > For admin user maybe rather than a reset admin password option, we should
> > have a reset admin account option?
> Depends on what "reset admin account" actually does.  I wouldn't want a
> "reset admin account" to change things that the user put there on
> purpose.  If you can reset the password and get into the account then
> you can go into the UI and change anything that doesn't look right.

How about "recover admin account" that:

1. If user 'admin' in realm 'master' doesn't exist, create it
2. If user 'admin' doesn't have realm role 'admin', add it
3. Set user 'admin' password to either 'admin' or to specified password

> 
> >
> >> Should the new operation only work on the master admin password or can
> >> it be applied to any user in any realm?
> > +1 To just admin
> >
> >>
> >>
> 
> 
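
A minimal sketch of the "recover admin account" steps proposed above, added here as an illustration and not taken from Keycloak or from either poster. It models realms as a plain Python dict and uses PBKDF2 as a stand-in for the server's credential hashing (both assumptions), and shows that the operation is idempotent and leaves everything else on the account untouched.

```python
import hashlib
import hmac
import os

# Toy in-memory model (constructed for this example, not Keycloak's data model):
# realms[realm_name][username] = {"roles": set, "salt": bytes, "hash": bytes, ...}

def _hash(password, salt):
    # PBKDF2 stands in for whatever credential hashing the server uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def recover_admin_account(realms, password="admin"):
    """Apply the three proposed steps and return the list of changes made."""
    changes = []
    users = realms.setdefault("master", {})
    # Step 1: create user 'admin' in realm 'master' only if it is missing.
    user = users.get("admin")
    if user is None:
        user = users["admin"] = {"roles": set()}
        changes.append("created user")
    # Step 2: add realm role 'admin' only if missing; other roles are left alone.
    if "admin" not in user["roles"]:
        user["roles"].add("admin")
        changes.append("added role")
    # Step 3: set the password to 'admin' or the specified one (fresh salt each run).
    user["salt"] = os.urandom(16)
    user["hash"] = _hash(password, user["salt"])
    changes.append("set password")
    return changes

def check_password(realms, password):
    """Constant-time comparison of a candidate password against the stored hash."""
    user = realms["master"]["admin"]
    return hmac.compare_digest(user["hash"], _hash(password, user["salt"]))
```

The returned list doubles as a record of what the recovery touched, which an offline operation could log for the operator.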

