[keycloak-dev] Shortening URLs
Stian Thorgersen
stian at redhat.com
Fri Jan 23 08:51:00 EST 2015
----- Original Message -----
> From: "Pedro Igor Silva" <psilva at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: "keycloak dev" <keycloak-dev at lists.jboss.org>
> Sent: Friday, January 23, 2015 2:49:18 PM
> Subject: Re: [keycloak-dev] Shortening URLs
>
> ----- Original Message -----
> > From: "Stian Thorgersen" <stian at redhat.com>
> > To: "Pedro Igor Silva" <psilva at redhat.com>
> > Cc: "keycloak dev" <keycloak-dev at lists.jboss.org>
> > Sent: Friday, January 23, 2015 11:32:47 AM
> > Subject: Re: [keycloak-dev] Shortening URLs
> >
> >
> >
> > ----- Original Message -----
> > > From: "Pedro Igor Silva" <psilva at redhat.com>
> > > To: "Stian Thorgersen" <stian at redhat.com>
> > > Cc: "keycloak dev" <keycloak-dev at lists.jboss.org>
> > > Sent: Friday, January 23, 2015 2:27:19 PM
> > > Subject: Re: [keycloak-dev] Shortening URLs
> > >
> > > However, I think we may need to keep /auth. It may be useful to reference
> > > the
> > > whole server regardless a specific realm.
> >
> > /auth isn't needed if Keycloak is running as a separate server and has it's
> > own domain for example https://auth.acme.org
>
> Yep, if not you may also want to reference a path. But I think that usually
> you will prefer a separated server for KC, right ?
>
> Also, how the URLs looks like when you are embedding KC into another project
> ?
That should be configurable by the project, but usually it would be '/auth'
>
> >
> > >
> > > ----- Original Message -----
> > > From: "Pedro Igor Silva" <psilva at redhat.com>
> > > To: "Stian Thorgersen" <stian at redhat.com>
> > > Cc: "keycloak dev" <keycloak-dev at lists.jboss.org>
> > > Sent: Friday, January 23, 2015 11:25:34 AM
> > > Subject: Re: [keycloak-dev] Shortening URLs
> > >
> > > +1. And for OIDC endpoints, we still need to review them some time.
> > >
> > > ----- Original Message -----
> > > From: "Stian Thorgersen" <stian at redhat.com>
> > > To: "keycloak dev" <keycloak-dev at lists.jboss.org>
> > > Sent: Friday, January 23, 2015 9:23:54 AM
> > > Subject: [keycloak-dev] Shortening URLs
> > >
> > > Our URLs are quite long, examples:
> > >
> > > * http://localhost:8080/auth/realms/master/protocols/openid-connect/login
> > > * http://localhost:8080/auth/realms/master/account
> > >
> > > We could remove the 'realms' part and 'protocols' parts couldn't we?
> > >
> > > * http://localhost:8080/auth/master/oidc/login
> > > * http://localhost:8080/auth/master/account
> > >
> > > That would require moving everything under a realm and I guess we'd need
> > > to
> > > hard-wire the protocols, but I think that should be fine.
> > >
> > > We also need to make sure we can just the root context:
> > >
> > > * http://localhost:8080/master/oidc/login
> > > * http://localhost:8080/master/account
> > >
> > > We can also introduce other mechanisms to select the realm. For example a
> > > server with single realm can just omit it altogether:
> > >
> > > * http://localhost:8080/oidc/login
> > > * http://localhost:8080/account
> > >
> > > And we could allow setting what domains uses what realms:
> > >
> > > * http://keycloak-master/oidc/login
> > > * http://keycloak-other/oidc/login
> > >
> > >
> > > _______________________________________________
> > > keycloak-dev mailing list
> > > keycloak-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > >
> >
>
More information about the keycloak-dev
mailing list