[keycloak-dev] Roles in Client Template
Stian Thorgersen
sthorger at redhat.com
Fri Jan 6 08:02:02 EST 2017
I think it can be argued if that makes sense, but the problem is how to
implement it. Other things like scope can easily be inherited when
consumed, while role inheritance would actually require somehow
creating/deleting roles for all clients that use a template. Otherwise it
would be impossible to map the roles to anything (scope, users, composite
roles, etc..).
On 5 January 2017 at 14:32, Thomas Raehalme <
thomas.raehalme at aitiofinland.com> wrote:
> Hi!
>
> I was under the (false) impression that Client Templates would also contain
> role definitions for clients that use the template. Unfortunately I was
> wrong.
>
> My use case is an application where there are multiple instances each
> belonging to a different tenant. They each have the same set of roles, but
> their own set of users (or groups) to which the roles are assigned.
>
> I would like to be able to maintain the common client settings in the
> template and focus on tenant-specific settings such as URLs on each client
> (which are also more static).
>
> What do you think would it make sense to add the possibility to define also
> roles in the Client Template?
>
> Best regards,
> Thomas
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list