[keycloak-dev] Default roles for realms and applications

Stian Thorgersen stian at redhat.com
Fri Oct 11 08:08:54 EDT 2013


Never mind, I'm being an idiot. I think I get it now:

There's a default group for a realm. When a user registers he automatically becomes a member of the "default" group. To add realm roles to default users you just add a realm role to the group, then to add roles for individual applications you add application roles to the group. Same when you create a new application you add the default application roles to the default group.

So basically when we have support for groups, we should simply change the default realm roles option to become default groups. Also as you say there's no need for default application roles so I'll close that.

Correct?

----- Original Message -----
> From: "Stian Thorgersen" <stian at redhat.com>
> To: "Bill Burke" <bburke at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Friday, 11 October, 2013 10:24:23 AM
> Subject: Re: [keycloak-dev] Default roles for realms and applications
> 
> It's the same problem with groups though. You'd need to have default group(s)
> for realms and applications. When you add a new application existing users
> would have to be added to the default group for the new application.
> 
> ----- Original Message -----
> > From: "Bill Burke" <bburke at redhat.com>
> > To: keycloak-dev at lists.jboss.org
> > Sent: Friday, 11 October, 2013 1:22:43 AM
> > Subject: Re: [keycloak-dev] Default roles for realms and applications
> > 
> > Implementing Groups would solve this issue.  Then you can modify the
> > group and not worry about old users.
> > 
> > On 10/10/2013 10:51 AM, Stian Thorgersen wrote:
> > > At the moment we only have support for default roles for realms and I was
> > > planning to add the same for applications.
> > >
> > > Currently when a new user registers the list of default roles for the
> > > realm is added. This means that if you create the default roles for the
> > > realm, roles for old users won't automatically reflect the changes. When
> > > adding default roles for applications the problem becomes even worse as
> > > now applications themselves can be added/removed after a user has been
> > > added.
> > >
> > > As I see it we have two options:
> > >
> > > 1. Try to keep the default roles for realms and applications in sync with
> > > the roles for users
> > > 2. Add the default roles for realms and applications to tokens directly
> > >
> > > To me option 2 seems the simplest/best
> > > _______________________________________________
> > > keycloak-dev mailing list
> > > keycloak-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > >
> > 
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> > http://bill.burkecentral.com
> > 
> 
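
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Keycloak code: a toy Python model comparing default roles copied at registration with roles resolved through a default group when a token is issued. All class and function names, role names and the "shop" application are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Group:
    realm_roles: set = field(default_factory=set)
    app_roles: dict = field(default_factory=dict)   # application name -> set of roles

@dataclass
class User:
    name: str
    copied_roles: set = field(default_factory=set)  # snapshot taken at registration
    groups: list = field(default_factory=list)      # references, resolved at token time

class Realm:
    """Toy realm (hypothetical model, not Keycloak's data model)."""
    def __init__(self):
        self.default_roles = set()      # model A: copied into each new user
        self.default_group = Group()    # model B: users join, roles are looked up

    def register(self, name):
        return User(name, copied_roles=set(self.default_roles),
                    groups=[self.default_group])

def token_roles_copied(user):
    """Model A: the token carries whatever was copied at registration."""
    return set(user.copied_roles)

def token_roles_grouped(user):
    """Model B: token roles are resolved from group membership at issue time."""
    roles = set()
    for group in user.groups:
        roles |= group.realm_roles
        for app, app_roles in group.app_roles.items():
            roles |= {f"{app}:{r}" for r in app_roles}
    return roles

def demo():
    realm = Realm()
    realm.default_roles = {"user", "beta"}
    realm.default_group.realm_roles = {"user", "beta"}
    alice = realm.register("alice")     # registers before the changes
    # Admin later drops "beta" from the defaults and adds a new application.
    realm.default_roles.discard("beta")
    realm.default_roles.add("shop:customer")
    realm.default_group.realm_roles.discard("beta")
    realm.default_group.app_roles["shop"] = {"customer"}
    bob = realm.register("bob")         # registers after the changes
    return {u.name: (token_roles_copied(u), token_roles_grouped(u))
            for u in (alice, bob)}
```

In the copied model the earlier user keeps the withdrawn "beta" role and never gains the new application's role, while both users resolve to the same current set through the group.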

