This repository has been archived by the owner on Jan 5, 2023. It is now read-only.

Allow user to set default user passwords #72

Open
msavy opened this issue May 10, 2022 · 2 comments

@msavy
Member

msavy commented May 10, 2022

  • Could also consider randomising admin and apimanager passwords if no default is provided?
  • Could consider setting password as temporary/require reset?

@volkflo
Member

volkflo commented May 11, 2022

I would change this in the KC (of course only in the setups we ship with KC) so that we force a user to change the password after first login.
Note: This was already present in a downstream version of apiman and a lot of people complained as this is an additional step if you do development.

@msavy
Member Author

msavy commented May 11, 2022

We could allow setting the passwords explicitly (can do it via the Keycloak REST API + Apiman API). That would follow the typical pattern you see in docker images of allowing a password to be set via env var, otherwise randomise and print to console.

e.g. (names purely for example)

APIMAN_ADMIN_PASSWORD=(if not set, is randomised)
APIMAN_MANAGER_PASSWORD=(if not set, is randomised)

I guess instead of launching Apiman directly we'd just have a script in Shell/JBang/Ruby or whatever, and we'd do any special actions there. Would require multiple things to be running though, which will be interesting. It definitely works, though.

BTW, apimanager creds are stored in Apiman's DB, so that it can talk from Apiman -> Gateway (without necessarily needing to be KC; could just be BASIC or something). Randomising that would be good so that it's always different even for a default setup. Would just need to ensure it's consistent (i.e. the script needs to speak to KC + Apiman).

@msavy msavy self-assigned this May 11, 2022
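
The env-var-or-random pattern discussed in this thread, as an added example (not Apiman's code and not from any participant): a POSIX shell fragment a launcher script could use. The function names `gen_password` and `resolve_password` are hypothetical, the variable names are the illustrative ones from the thread, and the deployment-specific calls that push the values to Keycloak and Apiman are left out.

```shell
#!/bin/sh
# Added example: resolve each password once, then reuse the same value for
# every component that needs it, so Keycloak and Apiman stay consistent.

# 128 bits from the kernel CSPRNG, hex-encoded (32 characters).
# Hex avoids quoting and escaping problems when the value is later placed
# in JSON bodies, properties files or command lines.
gen_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# resolve_password VAR_NAME
# Keeps VAR_NAME if the operator supplied a non-empty value; otherwise
# generates one. Only a generated value is printed, and only to stderr
# (the console), never the operator-supplied one.
resolve_password() {
    name="$1"
    # $name is a fixed identifier passed by this script, never user input,
    # so the eval below cannot be steered by the environment.
    eval "current=\${$name:-}"
    if [ -n "$current" ]; then
        echo "$name: using value supplied via environment" >&2
    else
        current="$(gen_password)"
        echo "$name: not set, generated: $current" >&2
    fi
    export "$name=$current"
}

resolve_password APIMAN_ADMIN_PASSWORD
resolve_password APIMAN_MANAGER_PASSWORD

# From here on, $APIMAN_ADMIN_PASSWORD and $APIMAN_MANAGER_PASSWORD hold the
# single value per account to hand to both Keycloak and Apiman.
```

An empty variable is treated the same as an unset one, so a blank value in a compose file cannot produce an empty password. A generated password printed this way ends up in the container's log stream, so access to those logs is access to the credential.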