Some visual style for community?
by Gabriel Cardoso
Hi Bill,
Since it seems that there is not much more to be done in terms of design for Keycloak, do you want me to start thinking about a "style" for the community version?
Also, a logo would be a good idea!
Thanks,
Gabriel
--
Gabriel Cardoso
GateIn Portal | User Experience Designer
11 years
back link on acct page?
by Bill Burke
For the demo customer-portal app, I added a "acct mgmt" link to the acct
svc. Problem is, once yu get to the acct mgmt page, there's no way to
go back except by the browser back button.
SHould we add a "back" link populated with the HTTP-REFERER header?
Also, google acct management page has an icon that allows you to
navigate to any other google app. Should probably have the same thing
on the acct page. Which...I'll need to bring back the baseUrl attribute
i just removed, lol!
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years
Import in dist
by Stian Thorgersen
I added a system property "keycloak.import" to the dist. This makes it possible to import settings from testrealm.json to make it easy to try out the examples without having to go through the admin console.
We should delete as7-eap-demo/server and wildfly-demo/server, then start using the dists instead for the examples.
To build -Prelease builds WildFly dist in dist/target/keycloak-<version> and -Prelease-as7 builds AS7 dist in dist-as7/target/keycloak-<version> (including updated Resteasy)
11 years
why separate cookie for acct svc?
by Bill Burke
Why a separate cookies for acct svc? Shouldn't it just use the same
identity cookie used by the token service. If an appliation wants to
link the acct mgmt page on their application, user has to relog in.
Or am I missing something?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years
url problem with login/account mgmt
by Bill Burke
Apps may want to have a link back to login, logout, and account
management. The problem is this link has the form of:
/realms/{id}
Where {id} is this huge generated id. We do this because realm names
may not be unique in multi-tenancy environments. While our public cloud
plans are to create a dedicated server instance for a company, we may
want to support multi-tenancy in the future. So I think this has to stay.
What sucks is how can an app developer find out this id? We can show
the ID in the admin console and/or even have a "base url" field for the
realm with a "Copy to Clipboard" button. The adapters could set
HttpServletRequest parameters pointing to logout and acct mgmt URLs too.
Any other ideas/concerns?
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years
more import format changes
by Bill Burke
I'm glad I'm doing this presentation/demo screencast thing. Its
flushing out some issues already:
The AccountService registered a specific application to the realm.
users are required to have a account service role to be able to access
the acct mgmt page. We may end up having more default applications in
the future and default roles in the future.
Because of this the import format needs to change. Application scope
and role mappings are contained under the ApplicationRepresentation.
These need to be broken out and placed within the RealmRepresentation
instead.
So, RealmRepresenation would have:
Map<String, UserRoleMappingRepresentation> accountRoleMappings;
Map<String, ScopeMappingRepresentation> accountScopeMappings;
Key would be the account name.
Also, I'm going to have a "registrations" field in addition to the
"users" field. It will be the same as the "users" field except that
created users will have default realm and application roles applied.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years
RealmRepresentation changes
by Bill Burke
The RealmRepresentation has changed (i.e. testrealm.json). There is no
more "clients" attribute. This has been replaced with "oauthClients"
and has a slightly different sub-format.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years
Removed Application.baseUrl
by Bill Burke
There is no use for Application.baseUrl as it is covered by
Application.redirectUrls. I have removed this attribute from the model,
reps, services, and admin console pages.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years
oauth client pages merged
by Bill Burke
New main menu item "OAuth Clients"
pages look very very similar to Application minus a few things. Not
sure I like the name "OAuth Clients", but I'm not sure what else to call
them.
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years
On/off toggles
by Stian Thorgersen
For a few places where the on/off toggles are used the labels on/off doesn't make sense. For example:
Enabled: on/off
Cookie login allowed: on/off
Would it not be better with yes/no? That seems to work in all cases
11 years