[keycloak-user] out of box experiences and automation

Stian Thorgersen sthorger at redhat.com
Fri Dec 18 02:31:24 EST 2015 

On 17 December 2015 at 17:48, Dong Xie <xied75 at gmail.com> wrote:

> That is great news, when is 1.8 release time?
>
>
>
> Also is that possible to take ENV var to enable SSL and take the
> configuration of certs files via a container volume? Hope those has been in
> the plan, if not I’m happy to raise the issue in JIRA and see if I can
> contribute towards it.
>

We haven't planned to add that, but it would be nice to have. So feel free
to create a JIRA. A PR would be even better :)


>
>
> Best regards,
>
>
>
> Dong
>
>
>
> Sent from Mail <http://go.microsoft.com/fwlink/?LinkId=550986> for
> Windows 10
>
>
>
>
>
>
> *From: *Stian Thorgersen
> *Sent: *17 December 2015 16:43
>
> *To: *Dong Xie
> *Cc: *keycloak-user at lists.jboss.org
> *Subject: *Re: [keycloak-user] out of box experiences and automation
>
>
>
>
>
> We will soon remove the built-in admin/admin user account. For the Docker
> image you will either have to:
>
>
>
> 1. Pass the admin username and password with environment variables
>
> 2. Access via localhost (port forwarding) to create an initial user account
>
>
>
> That'll be added in 1.8.
>
>
>
> On 17 December 2015 at 17:05, Dong Xie <xied75 at gmail.com> wrote:
>
> Keycloak is deployed as docker container into cloud, once the container
> starts, the keycloak server starts, I can’t stop it being called or call
> the script before the container starts, unless I bother to make a
> customised docker image, which is not ideal. Since there is no human action
> involved, no one will reset the admin password via browser, unless you mean
> I can call REST API to fully setup admin user. Also when I add new user if
> I add it into master realm it will be as powerful as admin, at least that’s
> what I observed? Therefore leaving the admin there is only going to be a
> security hole, and the best practice is to get rid of as fast as I can.
>
>
>
> Best,
>
>
>
> Dong
>
>
>
> Sent from Mail <http://go.microsoft.com/fwlink/?LinkId=550986> for
> Windows 10
>
>
>
>
>
>
> *From: *Stian Thorgersen
> *Sent: *17 December 2015 15:57
>
>
> *To: *Dong Xie
> *Cc: *keycloak-user at lists.jboss.org
> *Subject: *Re: [keycloak-user] out of box experiences and automation
>
>
>
>
>
> You don't need to restart the server, you can call the script before
> starting the server in the first place.
>
>
>
> Why do you need to remove the admin? Do you not need to have at least one
> admin account on the server.
>
>
>
> What do you mean about init access token?
>
>
>
> On 17 December 2015 at 16:49, Dong Xie <xied75 at gmail.com> wrote:
>
> That’s exactly what I used, so before I can expose the keycloak to the
> world, I need to get into the node, call the script, restart server, login
> with the new admin, calling REST api to remove the admin, sounds like a lot
> of work?
>
>
>
> Can we not config an init access token or something similar to smooth the
> thing, for our poor DevOps life?
>
>
>
> Any help would be great!
>
>
>
> Best,
>
>
>
> Dong
>
>
>
> Sent from Mail <http://go.microsoft.com/fwlink/?LinkId=550986> for
> Windows 10
>
>
>
>
>
>
> *From: *Stian Thorgersen
> *Sent: *17 December 2015 15:41
> *To: *Dong Xie
> *Cc: *keycloak-user at lists.jboss.org
> *Subject: *Re: [keycloak-user] out of box experiences and automation
>
>
>
>
>
> >From 1.7 you can add a admin user using the add-user script. See
> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e136
>
>
>
> On 17 December 2015 at 16:38, Dong Xie <xied75 at gmail.com> wrote:
>
> Dear all,
>
>
>
> I wonder how do I work around needing to browse the web page and login
> with admin + admin to change the password? We are deploying keycloak in an
> automated flow thus no human interaction is expected.
>
>
>
> Thanks very much for your help!
>
>
>
> Best,
>
>
>
> Dong
>
>
>
> Sent from Mail <http://go.microsoft.com/fwlink/?LinkId=550986> for
> Windows 10
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151218/babafed8/attachment.html

More information about the keycloak-user mailing list