[keycloak-dev] getting rid of master realm

Stian Thorgersen sthorger at redhat.com
Mon Dec 7 13:53:27 EST 2015 

I think in practice it makes sense. The bearer-only should not be shown in
clients list as it's just about roles. The admin console should have
redirect-uris for the admin console, but not have direct grant enabled.
Finally the admin cli should only have direct grant enabled. That way they
can be configured independently. As they are separate things and this is
how we recommend others to organize their clients then we should do the
same.

On 7 December 2015 at 16:36, Bill Burke <bburke at redhat.com> wrote:

> Sorry, makes sense now after reading your exchange.  In practice though,
> does it matter to have this split?  Is it not better to consolidate into
> one client?
>
> On 12/7/2015 3:48 AM, Marek Posolda wrote:
>
>> +1. That's what we have now and it's good pattern IMO.
>>
>> Marek
>>
>> On 07/12/15 09:38, Stian Thorgersen wrote:
>>
>>> Should we not have one client for the roles that represents the
>>> services (bearer-only), then have a separate clients for admin GUI and
>>> CLI?
>>>
>>> On 7 December 2015 at 09:34, Marek Posolda <mposolda at redhat.com
>>> <mailto:mposolda at redhat.com>> wrote:
>>>
>>>     On 03/12/15 20:06, Bill Burke wrote:
>>>     > * We can remove the realm-management client in each realm and
>>>     just merge
>>>     > the roles into security-admin-console.
>>>     Not sure about this one TBH. Also in 1.7 we introduced the
>>> "admin-cli"
>>>     client, which is used for direct-grants and has scope to
>>>     realm-management similarly like security-admin-console. The
>>>     security-admin-console is used for UI of admin console (javascript
>>>     client) when admin-cli is used for direct access to admin REST
>>>     endpoints
>>>     for example from admin-client.
>>>
>>>     Marek
>>>     _______________________________________________
>>>     keycloak-dev mailing list
>>>     keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>>>     https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>>
>>>
>>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151207/811c104f/attachment.html

More information about the keycloak-dev mailing list