[keycloak-dev] more things we need

Stian Thorgersen stian at redhat.com
Fri Jan 17 05:11:44 EST 2014


User account management is now always turned on. There's no option to disable it in the realm settings, but if someone really wants to remove it they can remove the account application.

Default roles are now assigned to all new users (self-registered, created by admin, or imported from json). The Registration tab in the admin console is renamed to Default Roles and is always visible.

As I said before updating default roles for exiting users is risky, and would be best achieved with the introduction of composite roles. IMO we should hold off on this until after the alpha has been released. 

----- Original Message -----
> From: "Stian Thorgersen" <stian at redhat.com>
> To: "Bill Burke" <bburke at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Friday, 17 January, 2014 9:06:48 AM
> Subject: Re: [keycloak-dev] more things we need
> 
> 
> 
> ----- Original Message -----
> > From: "Bill Burke" <bburke at redhat.com>
> > To: keycloak-dev at lists.jboss.org
> > Sent: Friday, 17 January, 2014 1:18:52 AM
> > Subject: [keycloak-dev] more things we need
> > 
> > One thing I notice from doing the tutorial:
> > 
> > * User account management should be turned on by default
> 
> Agreed - working on this now (also removing the option to disable it, if
> someone really wants that we can add it back later)
> 
> > * Default roles should be visible even without registration and
> > privileges should be automatic for the Account Server for all users.
> 
> In the future this should use a default composite role, which would make the
> updating of users automatically. Updating users now would be very
> problematic for several reason, for example:
> 
> * Would need to update all users when a default role is added/removed
> * If an admin explicitly removes some default roles for a set of users, we
> could end up adding it back if the default roles are changed
> 
> How about for the alpha we rename it from "Registration" to "Default Roles".
> Then we add those roles to users created through the admin console as well
> as self-registered users.
> 
> > * We don't need a User Account Management switch.  Admins can just
> > choose to not set a default role for user account management.
> > 
> > I just think it will be rare to not have Acct Service turned off, so
> > might as well set it up by default.
> > 
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> > http://bill.burkecentral.com
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > 
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 


More information about the keycloak-dev mailing list