[keycloak-dev] management problems

Stian Thorgersen stian at redhat.com
Thu May 1 11:49:50 EDT 2014


Is that really an issue?

Users would just be admin users, there would be a separate realm for AeroGear users.

And there'd probably be a single AeroGear console application, with a few associated roles.

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Thursday, 1 May, 2014 4:47:24 PM
> Subject: Re: [keycloak-dev] management problems
> 
> 
> 
> On 5/1/2014 11:41 AM, Stian Thorgersen wrote:
> >
> >
> > ----- Original Message -----
> >> From: "Bill Burke" <bburke at redhat.com>
> >> To: "Stian Thorgersen" <stian at redhat.com>
> >> Cc: keycloak-dev at lists.jboss.org
> >> Sent: Thursday, 1 May, 2014 4:37:39 PM
> >> Subject: Re: [keycloak-dev] management problems
> >>
> >>
> >>
> >> On 5/1/2014 11:24 AM, Stian Thorgersen wrote:
> >>>
> >>>
> >>> ----- Original Message -----
> >>>> From: "Bill Burke" <bburke at redhat.com>
> >>>> To: "Stian Thorgersen" <stian at redhat.com>
> >>>> Cc: keycloak-dev at lists.jboss.org
> >>>> Sent: Thursday, 1 May, 2014 4:19:26 PM
> >>>> Subject: Re: [keycloak-dev] management problems
> >>>>
> >>>>
> >>>>
> >>>> On 5/1/2014 10:16 AM, Stian Thorgersen wrote:
> >>>>>
> >>>>>
> >>>>> ----- Original Message -----
> >>>>>> From: "Bill Burke" <bburke at redhat.com>
> >>>>>> To: "Stian Thorgersen" <stian at redhat.com>
> >>>>>> Cc: keycloak-dev at lists.jboss.org
> >>>>>> Sent: Thursday, 1 May, 2014 3:11:48 PM
> >>>>>> Subject: Re: [keycloak-dev] management problems
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> On 5/1/2014 9:30 AM, Stian Thorgersen wrote:
> >>>>>>> I'm wondering about what issues there are with having a single shared
> >>>>>>> admin realm though. That seems the optional solution to me.
> >>>>>>>
> >>>>>>
> >>>>>> Isn't the issue multi-tenancy?
> >>>>>
> >>>>> We can grant admin users access to manage only specific realms though?
> >>>>>
> >>>>> Or are you thinking multi-tenancy for AeroGear?
> >>>>
> >>>> What I mean is that you want to manage Aerogear in a realm on a server
> >>>> that is multi-tenant (1 server managing multiple realms).  Can't really
> >>>> have a single shared admin realm in that case.
> >>>
> >>> I'm still not following :/
> >>>
> >>> Can you spoon-feed me an example?
> >>>
> >>
> >> Aerogear UPS admin needs to:
> >>
> >> * manage users
> >> * manage role mappings
> >> * manage oauth clients
> >> * manage Aerogear-specific things
> >>
> >> You want to have one login to do all those things.  This means there
> >> needs to be one realm to do all these things.  You could re-use the
> >> "keycloak-admin" realm, but re-using the "keycloak-admin" realm doesn't
> >> work if you're dealing with a Keycloak deployment that is managing
> >> multiple realms.  A.K.A.  Multi-tenancy.
> >
> > The part I'm not understanding is why it doesn't work with a Keycloak
> > deployment with multiple realms?
> >
> 
> Because you're polluting the "keycloak-admin" realm with
> Aerogear-specific things: users, roles, applications, etc.
> 
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 

