[keycloak-user] Default clients for a new realm

Aikeaguinea aikeaguinea at xsmail.com
Tue Apr 12 19:32:27 EDT 2016


Thank you very much for this; it's very helpful.
 
 
On Tue, Apr 12, 2016, at 05:45 PM, Thomas Darimont wrote:
> Hello,
>
> from my understanding and from reading the docs & mailing lists I'd
> explain the clients as follows:
>
> /account
> web application with UI, currently embedded in keycloak itself, that
> serves as a self-service
> account management application where users can change information
> about ther user account,
> change passwords, have a look at their active sessions etc.
>
> You should leave this if you want your users to be able to manage
> their account themselves.
>
> /admin-cli
> "technical" client (no UI) that was introduced in 1.7 and is used for
> direct-grants with
> access-type "public" and has scope to realm-management (which implies
> some client roles like:
> realm-admin, management-realm, manage-users, etc.) similarly like the
> security-admin-console.
> This client can also be used for configuring the realm via the REST
> API or the Keycloak admin-client.
>
> You should leave this if you want to administer your realm via the
> REST API.
>
> /broker
> "technical" client (no UI) is used for standard flow and has scope to
> read-token, allows the user
> to access any stored external tokens (via the broker service).
>
> You should leave this if you want to do indentity brokering.
> (guessing here)
>
> /realm-management
> "technical" client (no UI), similar to admin-cli but uses access-type
> bearer-only,
> which means that instead of doing the oauth dance you need to pass
> the access_token via the Authorization: Bearer TOKEN HTTP
> request header.
>
> You should leave this if you want to administer your realm via the
> REST API.
>
> /security-admin-console
> web application with UI, currently embedded in keycloak itself,  which
> serves as the management console
> you are using to configure your realm via the browser.
>
> From keycloaks perspective the admin-console is also just an
> oauth client.
>
> You should leave this if you want to administer your realm via the
> admin console (which you probably do).
> --
>
> Perhaps it would help to populate description field with a brief
> summary for the "default" client definitions.
> Having those clients mentioned in the docs somewhere would be helpful
> as well.
>
> Cheers,
> Thomas
>
>
> 2016-04-12 23:03 GMT+02:00 Aikeaguinea <aikeaguinea at xsmail.com>:
>> When I create a new realm, I see that the following clients are
>>  automatically created in that realm:
>>
>>  account
>>  admin-cl
>>  broker
>>  realm-management
>>  security-admin-console
>>
>>  It's hard for me to tell whether or not to delete these clients
>>  without
>>  knowing what they're for, and I haven't successfully found
>>  documentation
>>  on the subject. Might someone explain what these are about?
>>
>>  --
>> http://www.fastmail.com - Accessible with your email software or over
>> the web
>>
>>  _______________________________________________
>>  keycloak-user mailing list keycloak-user at lists.jboss.org
>>  https://lists.jboss.org/mailman/listinfo/keycloak-user
 
--
Aikeaguinea
aikeaguinea at xsmail.com
 

-- 
http://www.fastmail.com - Same, same, but different...

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160412/ff11e14a/attachment.html 


More information about the keycloak-user mailing list