[keycloak-user] export of realm json
Stan Silvert
ssilvert at redhat.com
Mon Oct 5 14:27:34 EDT 2015
agreed
On 10/5/2015 2:24 PM, Bill Burke wrote:
> I'm still averse to allowing export from admin console of any
> credentials or private keys.
>
> On 10/5/2015 2:02 PM, Stan Silvert wrote:
>> I'm actually starting on the design and implementation of this right
>> now. It's import/export from the admin console. It will also have the
>> ability to import/export partial pieces of a realm such as just users.
>>
>> Thanks for the comments so far on this thread. They have been very helpful.
>>
>> We will keep the idea that no secrets should ever be exported from admin
>> console. I'm not sure that having a flag for it in keycloak-server.json
>> helps. To edit keycloak-server.json, you need access to the server, in
>> which case you might as well do the current import/export.
>>
>> So what do you do after you import a user with no credentials? Some ideas:
>> * The administrator can reset the password manually.
>> * The user can do password recovery (if enabled)
>>
>> An other ideas?
>>
>> Stan
>>
>> On 10/5/2015 12:34 PM, Tim Dudgeon wrote:
>>> That's a good point. Having to stop/start the server to generate an
>>> export is not ideal.
>>>
>>> Tim
>>>
>>> On 05/10/2015 11:56, Thomas Raehalme wrote:
>>>>
>>>> On Mon, Oct 5, 2015 at 2:47 AM, Bill Burke <bburke at redhat.com
>>>> <mailto:bburke at redhat.com>> wrote:
>>>>
>>>> On 10/4/2015 5:37 PM, Thomas Raehalme wrote:
>>>>
>>>>
>>>> On Oct 4, 2015 23:57, "Bill Burke" <bburke at redhat.com
>>>> <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>> wrote:
>>>> >
>>>> > For security reasons we did not want to have a remote
>>>> option to export.
>>>>
>>>>
>>>> How about just storing the export as a local file on the server?
>>>> You'd need access to the server in order to get the file (making the
>>>> system compromised anyways). The change to current behaviour is that
>>>> you would be able to trigger the export at will without server restart.
>>>>
>>>> Best regards,
>>>> Thomas
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
More information about the keycloak-user
mailing list