[keycloak-user] out of box experiences and automation

Pavel Maslov pavel.masloff at gmail.com
Fri Dec 18 03:27:35 EST 2015


Hi, Stian

Didn't know that, sorry. What I meant is people have different use-cases,
you guys provide a base image. Keycloak users are free to extend the base
image. For example, I was forced to create my own docker image, because the
base image doesn't provide external database support, nor SSL.

Regards,
Pavel Maslov, MS

On Fri, Dec 18, 2015 at 8:34 AM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> Why do you say Keycloak and Keycloak Docker image are two different
> projects? Keycloak Docker image is provided and maintained by the Keycloak
> team and is such part of the Keycloak project itself.
>
> On 17 December 2015 at 18:01, Pavel Maslov <pavel.masloff at gmail.com>
> wrote:
>
>> Dong, note that Keycloak and  Keycloak Docker image are two different
>> projects. You can, however, customize the official docker image depending
>> on your requirements.
>>
>> Regards,
>> Pavel Maslov, MS
>>
>> On Thu, Dec 17, 2015 at 5:48 PM, Dong Xie <xied75 at gmail.com> wrote:
>>
>>> That is great news, when is 1.8 release time?
>>>
>>>
>>>
>>> Also is that possible to take ENV var to enable SSL and take the
>>> configuration of certs files via a container volume? Hope those has been in
>>> the plan, if not I’m happy to raise the issue in JIRA and see if I can
>>> contribute towards it.
>>>
>>>
>>>
>>> Best regards,
>>>
>>>
>>>
>>> Dong
>>>
>>>
>>>
>>> Sent from Mail <http://go.microsoft.com/fwlink/?LinkId=550986> for
>>> Windows 10
>>>
>>>
>>>
>>>
>>>
>>>
>>> *From: *Stian Thorgersen
>>> *Sent: *17 December 2015 16:43
>>>
>>> *To: *Dong Xie
>>> *Cc: *keycloak-user at lists.jboss.org
>>> *Subject: *Re: [keycloak-user] out of box experiences and automation
>>>
>>>
>>>
>>>
>>>
>>> We will soon remove the built-in admin/admin user account. For the
>>> Docker image you will either have to:
>>>
>>>
>>>
>>> 1. Pass the admin username and password with environment variables
>>>
>>> 2. Access via localhost (port forwarding) to create an initial user
>>> account
>>>
>>>
>>>
>>> That'll be added in 1.8.
>>>
>>>
>>>
>>> On 17 December 2015 at 17:05, Dong Xie <xied75 at gmail.com> wrote:
>>>
>>> Keycloak is deployed as docker container into cloud, once the container
>>> starts, the keycloak server starts, I can’t stop it being called or call
>>> the script before the container starts, unless I bother to make a
>>> customised docker image, which is not ideal. Since there is no human action
>>> involved, no one will reset the admin password via browser, unless you mean
>>> I can call REST API to fully setup admin user. Also when I add new user if
>>> I add it into master realm it will be as powerful as admin, at least that’s
>>> what I observed? Therefore leaving the admin there is only going to be a
>>> security hole, and the best practice is to get rid of as fast as I can.
>>>
>>>
>>>
>>> Best,
>>>
>>>
>>>
>>> Dong
>>>
>>>
>>>
>>> Sent from Mail <http://go.microsoft.com/fwlink/?LinkId=550986> for
>>> Windows 10
>>>
>>>
>>>
>>>
>>>
>>>
>>> *From: *Stian Thorgersen
>>> *Sent: *17 December 2015 15:57
>>>
>>>
>>> *To: *Dong Xie
>>> *Cc: *keycloak-user at lists.jboss.org
>>> *Subject: *Re: [keycloak-user] out of box experiences and automation
>>>
>>>
>>>
>>>
>>>
>>> You don't need to restart the server, you can call the script before
>>> starting the server in the first place.
>>>
>>>
>>>
>>> Why do you need to remove the admin? Do you not need to have at least
>>> one admin account on the server.
>>>
>>>
>>>
>>> What do you mean about init access token?
>>>
>>>
>>>
>>> On 17 December 2015 at 16:49, Dong Xie <xied75 at gmail.com> wrote:
>>>
>>> That’s exactly what I used, so before I can expose the keycloak to the
>>> world, I need to get into the node, call the script, restart server, login
>>> with the new admin, calling REST api to remove the admin, sounds like a lot
>>> of work?
>>>
>>>
>>>
>>> Can we not config an init access token or something similar to smooth
>>> the thing, for our poor DevOps life?
>>>
>>>
>>>
>>> Any help would be great!
>>>
>>>
>>>
>>> Best,
>>>
>>>
>>>
>>> Dong
>>>
>>>
>>>
>>> Sent from Mail <http://go.microsoft.com/fwlink/?LinkId=550986> for
>>> Windows 10
>>>
>>>
>>>
>>>
>>>
>>>
>>> *From: *Stian Thorgersen
>>> *Sent: *17 December 2015 15:41
>>> *To: *Dong Xie
>>> *Cc: *keycloak-user at lists.jboss.org
>>> *Subject: *Re: [keycloak-user] out of box experiences and automation
>>>
>>>
>>>
>>>
>>>
>>> >From 1.7 you can add a admin user using the add-user script. See
>>> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e136
>>>
>>>
>>>
>>> On 17 December 2015 at 16:38, Dong Xie <xied75 at gmail.com> wrote:
>>>
>>> Dear all,
>>>
>>>
>>>
>>> I wonder how do I work around needing to browse the web page and login
>>> with admin + admin to change the password? We are deploying keycloak in an
>>> automated flow thus no human interaction is expected.
>>>
>>>
>>>
>>> Thanks very much for your help!
>>>
>>>
>>>
>>> Best,
>>>
>>>
>>>
>>> Dong
>>>
>>>
>>>
>>> Sent from Mail <http://go.microsoft.com/fwlink/?LinkId=550986> for
>>> Windows 10
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151218/ae753718/attachment-0001.html 


More information about the keycloak-user mailing list