[keycloak-dev] Admin UI

Bill Burke bburke at redhat.com
Wed Jul 31 09:01:20 EDT 2013 

All good stuff.


One thing though: Users are bound to a Realm not an Application.  I 
wrote up the datamodel again on the Wiki.  Haven't totally followed it, 
but it will end up like that.

https://github.com/keycloak/keycloak/wiki/Datamodel

On 7/31/2013 5:31 AM, Stian Thorgersen wrote:
> I think we should probably support both ways of specifying role mappings (add/remove users to a role and add/remove roles to a user). For now I just did what was simplest to add.
>
> It would be good if it's possible to list users (and view a specific user) in either the context of a realm or a specific application. For example:
>
> /applications/<app id>/roles/<role> - list users with application role, and allow adding/removing users to the role
> /realm/<realm id>/roles/<role> - list users with realm role, and allow adding/removing users to the role
>
> /application/<application id>/users/<user> - view application user, including application roles (and allow adding/remove roles)
> /realm/<realm id>/users/<user> - view realm user, including realm roles (and allow adding/remove roles)
>
> IMO import/export of anything to/from json documents would be good. We could have an export page that allows the user to tick some boxes of what to export. For import we could support importing users, applications, realms, roles, role-mappings, etc.
>
> For OAuth Client applications would we not just use the same page as applications, but have a way to select what type of application it is?
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Tuesday, 30 July, 2013 6:05:37 PM
>> Subject: Re: [keycloak-dev] Admin UI
>>
>> * I think to do a role mapping, the admin will want to apply mulitple
>> roles to a user.  Right now you have to pick a role panel add the user,
>> pick another roll panel, find the user and add it.
>>
>> I think the admin would rather pick a user and then select the roles to
>> apply either through checkbox or multi-select list.
>>
>> * IMO, we should also allow to upload a json document that defines role
>> mappings.
>>
>>
>>
>> * We'll also need the ability to create OAuth Client Applications (I
>> don't have a good name for these yet).  These are applications that
>> require the user to grant permission after the login for any roles
>> requested.
>> * The UI will need Scope Mappings.  These are similar to role mappings,
>> but they are for Applications and OAuth Client Applications.  These are
>> roles that the Application is allowed to ask the user for permision for.
>>
>>
>> On 7/30/2013 11:46 AM, Stian Thorgersen wrote:
>>> If everyone could have a look at
>>> http://wildfly-stianst.rhcloud.com/keycloak-server/ui/index.html and tell
>>> me what they think that would be great. In my mind it's what we would use
>>> for the first milestone of the project. Probably with a few minor changes,
>>> such as adding a field or two.
>>>
>>> For the future I would hope that Gabriel produces a nice new look and feel
>>> (based on official Red Hat guidelines) as well as improving the usability.
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

More information about the keycloak-dev mailing list