[keycloak-user] Admin's password override

Juraci Paixão Kröhling juraci at kroehling.de
Tue Mar 17 12:51:30 EDT 2015


All,

While it makes sense to ship with a default password for the admin
user on Keycloak distributions, as it's reasonable to think that the
admin is going to explore Keycloak right away, this expectation is not
true for the situation where Keycloak is embedded into another
product. I can imagine that the first time an "admin" will need to log
into Keycloak's admin console when embedded into another product would
be days/weeks after the initial setup.

That said, I'm collecting ideas on how to solve this issue for
Hawkular. The first and most intuitive solution I can think of is to
import a users JSON file on the first boot, which would (in theory, I
haven't tested) override the password for admin. This password would
need to be stored in clear text somewhere in the system, but I believe
the pros/cons are worth it in this scenario (as this password will be
valid only until the first login, so, days/weeks "only").

Do you have better ideas? Or feedback on whether the mentioned
approach would/wouldn't work? Or strong arguments against doing that?

- Juca.