[keycloak-dev] management problems

Bill Burke bburke at redhat.com
Thu May 1 11:37:39 EDT 2014



On 5/1/2014 11:24 AM, Stian Thorgersen wrote:
>
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Thursday, 1 May, 2014 4:19:26 PM
>> Subject: Re: [keycloak-dev] management problems
>>
>>
>>
>> On 5/1/2014 10:16 AM, Stian Thorgersen wrote:
>>>
>>>
>>> ----- Original Message -----
>>>> From: "Bill Burke" <bburke at redhat.com>
>>>> To: "Stian Thorgersen" <stian at redhat.com>
>>>> Cc: keycloak-dev at lists.jboss.org
>>>> Sent: Thursday, 1 May, 2014 3:11:48 PM
>>>> Subject: Re: [keycloak-dev] management problems
>>>>
>>>>
>>>>
>>>> On 5/1/2014 9:30 AM, Stian Thorgersen wrote:
>>>>> I'm wondering about what issues there are with having a single shared
>>>>> admin
>>>>> realm though. That seems the optional solution to me.
>>>>>
>>>>
>>>> Isn't the issue multi-tenancy?
>>>
>>> We can grant admin users access to manage only specific realms though?
>>>
>>> Or are you thinking multi-tenancy for AeroGear?
>>
>> What I mean is that you want to manage AeroGear in a realm on a server
>> that is multi-tenant (1 server managing multiple realms).  Can't really
>> have a single shared admin realm in that case.
>
> I'm still not following :/
>
> Can you spoon-feed me an example?
>

AeroGear UPS admin needs to:

* manage users
* manage role mappings
* manage oauth clients
* manage AeroGear-specific things

You want to have one login to do all those things.  This means there 
needs to be one realm to do all these things.  You could re-use the 
"keycloak-admin" realm, but re-using the "keycloak-admin" realm doesn't 
work if you're dealing with a Keycloak deployment that is managing 
multiple realms.  A.K.A.  Multi-tenancy.



-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

