[keycloak-user] export of realm json

Scott Rossillo srossillo at smartling.com
Mon Oct 5 11:36:48 EDT 2015


It would be helpful to be able to export the realm from the admin console, but I understand the security risk and I wouldn’t want this enabled in production.

I’d say if you do end up adding a remote export option, it should be enabled in keycloak-server.json with the value set to disabled by default.


Scott Rossillo
Smartling | Senior Software Engineer
srossillo at smartling.com

 <https://app.sigstr.com/uc/55e5d41c6533390d03580000>
 <http://www.sigstr.com/>
> On Oct 5, 2015, at 6:56 AM, Thomas Raehalme <thomas.raehalme at aitiofinland.com> wrote:
> 
> 
> 
> On Mon, Oct 5, 2015 at 2:47 AM, Bill Burke <bburke at redhat.com <mailto:bburke at redhat.com>> wrote:
> On 10/4/2015 5:37 PM, Thomas Raehalme wrote:
> 
> On Oct 4, 2015 23:57, "Bill Burke" <bburke at redhat.com <mailto:bburke at redhat.com>
> <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>> wrote:
>  >
>  > For security reasons we did not want to have a remote option to export.
> 
> 
> How about just storing the export as a local file on the server? You'd need access to the server in order to get the file (making the system compromised anyways). The change to current behaviour is that you would be able to trigger the export at will without server restart.
> 
> Best regards,
> Thomas
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151005/e6dfa0b6/attachment-0001.html 


More information about the keycloak-user mailing list