[security-dev] Keycloak datamodel

Bill Burke bburke at redhat.com
Tue Jul 30 08:44:37 EDT 2013

Keycloak is a SaaS in which people can register to create their own realms.

Default Realm:
   Custom RealmAdminRelationship: Attribute: realmId, Attribute: User. 
RealmId points to a realm a User has created

SSO Realms:
* A bunch of attributes for the Realm like private/public key stored in 
an Agent
* Users
* Roles
* User/RoleMapping
* Custom RequiredCredentialRelationship.  Defines the credential types 
required by the realm.
* Custom ScopeRelationship.  Scope is the same as role mapping, but this 
defines an OAuth grant thing.  It is the roles a user is allowed to 
request permissions for.  It is an Attribute of an Agent and a Role.
* Custom ResourceRelationship.  A resource is an application that is 
managed by the realm.  This has Attribute Agent pointing to the Agent of 
the realm, various attributes of the resource, and also a String value 
pointing to the Tier.  I couldn't figure out how to have a hard 
relationship to a Tier

Resource (maps to Tier)
* Roles
* User/RoleMapping
* ScopeRelationship

Bill Burke
JBoss, a division of Red Hat

More information about the security-dev mailing list