[keycloak-dev] Admin UI

Gabriel Cardoso gcardoso at redhat.com
Thu Aug 15 11:57:28 EDT 2013 

>> I'll state again, that I don't like this flow.  What you have right now
>> is too complicated IMO.  The concept of a realm is not difficult to
>> understand.  We want and need the user to understand the concept of a
>> Realm and how an Application fits in a Realm.  Anything beyond the
>> simple case they will have to understand this relationship.  Enterprise
>> Java users will already understand this concept.  Any admin that has
>> managed security before will also understand it.  As it is, developers
>> will want to use keycloak for two main reasons: Social broker and/or
>> Single-sign-on for multiple apps.  Whenever the user wants to manage
>> multiple web site under one login, the concept of a Realm will be required.
Ok, I agree that we can present the concept of realm in the creation of the first app.

I liked the idea proposed by Stian. With this solution we don't need wizards, only an explanation of what a realm is when creating the first app. For other complicated concepts, we can have information icons and also balloons to explain things when necessary.

Here is how things could be. Please check you agree with this:

- First access: No links at the top. Page with welcome, some information and button "Configure your first app".
	- Application settings page: Put realm options under the heading "Realm". There is some information about what a realm is (important for the first access). Separation by advanced/basic settings.
	- Application users and roles page: make explicit that the users are part of the realm, and only the roles are related to the application.

- Second application: Possibility to select an existing realm or create a new one (this is made in the applications pages). If the user selects an existing realm, he will be able to see the realm settings in the app page, but not manage them. To manage realm settings, user is redirected to the realm page. Once a realm is associated to more than one app, all the realms created (inclusive the ones belonging to only one application) appear listed in the realms page (they were not being listed before). The realms list indicates if the realm is shared or not, and with what applications.

- Managing realm information for shared applications: In the application page, the user can VIEW the settings inherited from the realm, but cannot edit them in the application page. To do so, he needs to click a button and go to the realm page to edit them.

- Managing realm information for single application: In case of the realm settings is used by only one application, the user can VIEW AND EDIT the realm settings in the applications page. He can also edit them from the realm page. [This is a point that we need agreement, since Stian things that the user should need to go to the realm page to edit these settings. I believe it is one step we can avoid since changing realm settings in this context will only affect that very app.]

Do you think is this a good direction to go?

Gabriel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20130815/588d9482/attachment.html

More information about the keycloak-dev mailing list