
<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, May 23, 2014 at 10:35 PM, Bruno Oliveira <span dir="ltr">&lt;<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">I think might not be hard to handle most of these scenarios on Keycloak,<br>


but before move forward I would like to undestand why the admin is<br>

removed here:<br>

<a href="https://github.com/aerogear/aerogear-unifiedpush-server/blob/ecbe017e65eaf95f7b8ff8c47de670dc77d985aa/auth-server/src/main/java/org/jboss/aerogear/unifiedpush/keycloak/UpsKeycloakApplication.java#L52" target="_blank">https://github.com/aerogear/aerogear-unifiedpush-server/blob/ecbe017e65eaf95f7b8ff8c47de670dc77d985aa/auth-server/src/main/java/org/jboss/aerogear/unifiedpush/keycloak/UpsKeycloakApplication.java#L52</a><br>


<br>

Any specific reason for it? I&#39;m asking because I&#39;m about to change it.<br></blockquote><div><br></div><div>I did follow the template we got from Bill:</div><div><a href="https://github.com/keycloak/keycloak/blob/master/project-integrations/aerogear-ups/auth-server/src/main/java/org/aerogear/ups/security/UpsSecurityApplication.java#L35">https://github.com/keycloak/keycloak/blob/master/project-integrations/aerogear-ups/auth-server/src/main/java/org/aerogear/ups/security/UpsSecurityApplication.java#L35</a><br>

</div><div><br></div><div>I think in that example there was no &#39;super-user&#39; that is in charge of the realm management</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">


Are we planning to build our own admin interface?<br></blockquote><div><br></div><div>nope; We will use theirs, but we may be applying our own theme to make it look like UPS</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">


<div class=""><div class="h5"><br>

On 2014-05-21, Matthias Wessendorf wrote:<br>

&gt; Just a thought... regarding those two roles &#39;PushAdmin&#39; and &#39;Super-User&#39;,<br>

&gt; IMO the Super-user should be able to see all apps (and their variants,<br>

&gt; including registered devices).<br>

&gt;<br>

&gt;<br>

&gt;<br>

&gt;<br>

&gt; On Wed, May 21, 2014 at 2:55 PM, Bruno Oliveira &lt;<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a>&gt; wrote:<br>

&gt;<br>

&gt; &gt; Thank you Matthias, I will look at it and return back with more<br>

&gt; &gt; questions if necessary.<br>

&gt; &gt;<br>

&gt; &gt; On 2014-05-21, Matthias Wessendorf wrote:<br>

&gt; &gt; &gt; Hello,<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt; yes - the handling is done by Keycloak itself; Last time we looked at<br>

&gt; &gt; user<br>

&gt; &gt; &gt; management, we had the following in terms of roles:<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt; <a href="https://gist.github.com/sebastienblanc/6547605" target="_blank">https://gist.github.com/sebastienblanc/6547605</a><br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt; Not sure the names of these roles are great.... let&#39;s see<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt; Basically I think the role definition in the gist still addresses most of<br>

&gt; &gt; &gt; what we want to archive:<br>

&gt; &gt; &gt; * super-user: in charge of managing the UPS realm (including users); can<br>

&gt; &gt; &gt; see _ALL_ push applications  (that&#39;s the admin in Sebi&#39;s gist)<br>

&gt; &gt; &gt; * PushAdmin: Someone that can manage applications and variants, but is<br>

&gt; &gt; not<br>

&gt; &gt; &gt; able to add new users; he also sees only his applications/variants etc<br>

&gt; &gt; &gt; (that&#39;s the developer in sebis gist)<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt; The gist also contains a &#39;Viewer&#39; role - At this point I am not sure we<br>

&gt; &gt; do<br>

&gt; &gt; &gt; really need this. My impression is that if we have PushAdmins for our<br>

&gt; &gt; 1.0.0<br>

&gt; &gt; &gt; community release that will be enough.<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt; -Matthias<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt; On Tue, May 20, 2014 at 10:02 PM, Bruno Oliveira &lt;<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a><br>

&gt; &gt; &gt;wrote:<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt; &gt; Good morning peeps,<br>

&gt; &gt; &gt; &gt;<br>

&gt; &gt; &gt; &gt; Before I jump in <a href="https://issues.jboss.org/browse/AGPUSH-639" target="_blank">https://issues.jboss.org/browse/AGPUSH-639</a>. I would<br>

&gt; &gt; &gt; &gt; like to understand what do you guys want say with this issue.<br>

&gt; &gt; &gt; &gt;<br>

&gt; &gt; &gt; &gt; Currently Keycloak already has its own user/roles managements. What do<br>

&gt; &gt; &gt; &gt; you guys are looking for? Any specific requirements?<br>

&gt; &gt; &gt; &gt;<br>

&gt; &gt; &gt; &gt; --<br>

&gt; &gt; &gt; &gt;<br>

&gt; &gt; &gt; &gt; abstractj<br>

&gt; &gt; &gt; &gt; _______________________________________________<br>

&gt; &gt; &gt; &gt; aerogear-dev mailing list<br>

&gt; &gt; &gt; &gt; <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>

&gt; &gt; &gt; &gt; <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>

&gt; &gt; &gt; &gt;<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt; --<br>

&gt; &gt; &gt; Matthias Wessendorf<br>

&gt; &gt; &gt;<br>

&gt; &gt; &gt; blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>

&gt; &gt; &gt; sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>

&gt; &gt; &gt; twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>

&gt; &gt;<br>

&gt; &gt; &gt; _______________________________________________<br>

&gt; &gt; &gt; aerogear-dev mailing list<br>

&gt; &gt; &gt; <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>

&gt; &gt; &gt; <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>

&gt; &gt;<br>

&gt; &gt;<br>

&gt; &gt; --<br>

&gt; &gt;<br>

&gt; &gt; abstractj<br>

&gt; &gt; _______________________________________________<br>

&gt; &gt; aerogear-dev mailing list<br>

&gt; &gt; <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>

&gt; &gt; <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>

&gt; &gt;<br>

&gt;<br>

&gt;<br>

&gt;<br>

&gt; --<br>

&gt; Matthias Wessendorf<br>

&gt;<br>

&gt; blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>

&gt; sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>

&gt; twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>

<br>

&gt; _______________________________________________<br>

&gt; aerogear-dev mailing list<br>

&gt; <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>

&gt; <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>

<br>

<br>

--<br>

<br>

abstractj<br>

_______________________________________________<br>

aerogear-dev mailing list<br>

<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>

<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>

</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>

sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>

</div></div>