[keycloak-user] export of realm json
Thomas Raehalme
thomas.raehalme at aitiofinland.com
Mon Oct 5 14:26:46 EDT 2015
On Oct 5, 2015 21:24, "Bill Burke" <bburke at redhat.com> wrote:
>
> I'm still averse to allowing export from admin console of any
> credentials or private keys.
Even if they are not directly downloadable but require access to the server
just like now?
>
> On 10/5/2015 2:02 PM, Stan Silvert wrote:
> > I'm actually starting on the design and implementation of this right
> > now. It's import/export from the admin console. It will also have the
> > ability to import/export partial pieces of a realm such as just users.
> >
> > Thanks for the comments so far on this thread. They have been very
helpful.
> >
> > We will keep the idea that no secrets should ever be exported from admin
> > console. I'm not sure that having a flag for it in keycloak-server.json
> > helps. To edit keycloak-server.json, you need access to the server, in
> > which case you might as well do the current import/export.
> >
> > So what do you do after you import a user with no credentials? Some
ideas:
> > * The administrator can reset the password manually.
> > * The user can do password recovery (if enabled)
> >
> > An other ideas?
> >
> > Stan
> >
> > On 10/5/2015 12:34 PM, Tim Dudgeon wrote:
> >> That's a good point. Having to stop/start the server to generate an
> >> export is not ideal.
> >>
> >> Tim
> >>
> >> On 05/10/2015 11:56, Thomas Raehalme wrote:
> >>>
> >>>
> >>> On Mon, Oct 5, 2015 at 2:47 AM, Bill Burke <bburke at redhat.com
> >>> <mailto:bburke at redhat.com>> wrote:
> >>>
> >>> On 10/4/2015 5:37 PM, Thomas Raehalme wrote:
> >>>
> >>>
> >>> On Oct 4, 2015 23:57, "Bill Burke" <bburke at redhat.com
> >>> <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>> wrote:
> >>> >
> >>> > For security reasons we did not want to have a remote
> >>> option to export.
> >>>
> >>>
> >>> How about just storing the export as a local file on the server?
> >>> You'd need access to the server in order to get the file (making the
> >>> system compromised anyways). The change to current behaviour is that
> >>> you would be able to trigger the export at will without server
restart.
> >>>
> >>> Best regards,
> >>> Thomas
> >>>
> >>>
> >>> _______________________________________________
> >>> keycloak-user mailing list
> >>> keycloak-user at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>
> >>
> >>
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151005/a9d48055/attachment.html
More information about the keycloak-user
mailing list