From: "Stan Silvert" <ssilvert(a)redhat.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Friday, January 23, 2015 3:06:44 PM
Subject: Re: [keycloak-dev] Shortening URLs
On 1/23/2015 8:52 AM, Stian Thorgersen wrote:
>
> ----- Original Message -----
>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>> To: keycloak-dev(a)lists.jboss.org
>> Sent: Friday, January 23, 2015 2:47:20 PM
>> Subject: Re: [keycloak-dev] Shortening URLs
>>
>> On 1/23/2015 8:45 AM, Stan Silvert wrote:
>>> So if it's something the user needs to remember, let's make it
super
>>> easy:
>>>
>>>
http://foo.com/stan
>>>
>>> Of course then we would need to either enforce that they only create one
>>> realm So for multiple realms we could make it:
>>>
>>>
http://realm.foo.com/stan
>> I mean
http://realmname.foo.com
> I don't think that'll work - if we drop '/realms/' part we would
have to
> move everything under a realm
The simplified URL would only be for that one use case we need to
solve. Everything else would work the old way.
I'm just thinking that if there is something the user needs to memorize
then we should make it really, really easy to memorize.
>
>>> On 1/23/2015 8:20 AM, Stian Thorgersen wrote:
>>>> ----- Original Message -----
>>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>>>> Cc: keycloak-dev(a)lists.jboss.org
>>>>> Sent: Friday, January 23, 2015 2:10:00 PM
>>>>> Subject: Re: [keycloak-dev] Shortening URLs
>>>>>
>>>>> On 1/23/2015 8:06 AM, Stian Thorgersen wrote:
>>>>>> ----- Original Message -----
>>>>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>>>>> To: keycloak-dev(a)lists.jboss.org
>>>>>>> Sent: Friday, January 23, 2015 2:01:23 PM
>>>>>>> Subject: Re: [keycloak-dev] Shortening URLs
>>>>>>>
>>>>>>> I like the idea of an option to bind the auth server to the
root
>>>>>>> context. I think that would be especially good for the
appliance
>>>>>>> dist.
>>>>>>>
>>>>>>> But I'm not sure about the rest. What is the problem we
are solving?
>>>>>> Shorter and easier to remember URLs ;)
>>>>>>
>>>>>> At least one the account will be something that users access
directly.
>>>>> Which one is the URL that they will need to remember? Maybe we
could
>>>>> make an alias.
>>>> Account is accessible by users directly:
>>>> -
http://localhost:8080/auth/realms/master/account
>>>>
>>>> BTW why not change it? If it can make things simpler for users. Devs
>>>> that
>>>> don't use our adapters, but use standard openid connect libs for
>>>> example,
>>>> will need to figure out all urls and configure them in the lib their
>>>> using.
>>>>
>>>>>>> On 1/23/2015 6:23 AM, Stian Thorgersen wrote:
>>>>>>>> Our URLs are quite long, examples:
>>>>>>>>
>>>>>>>> *
>>>>>>>>
http://localhost:8080/auth/realms/master/protocols/openid-connect/login
>>>>>>>> *
http://localhost:8080/auth/realms/master/account
>>>>>>>>
>>>>>>>> We could remove the 'realms' part and
'protocols' parts couldn't we?
>>>>>>>>
>>>>>>>> *
http://localhost:8080/auth/master/oidc/login
>>>>>>>> *
http://localhost:8080/auth/master/account
>>>>>>>>
>>>>>>>> That would require moving everything under a realm and I
guess we'd
>>>>>>>> need
>>>>>>>> to
>>>>>>>> hard-wire the protocols, but I think that should be
fine.
>>>>>>>>
>>>>>>>> We also need to make sure we can just the root context:
>>>>>>>>
>>>>>>>> *
http://localhost:8080/master/oidc/login
>>>>>>>> *
http://localhost:8080/master/account
>>>>>>>>
>>>>>>>> We can also introduce other mechanisms to select the
realm. For
>>>>>>>> example a
>>>>>>>> server with single realm can just omit it altogether:
>>>>>>>>
>>>>>>>> *
http://localhost:8080/oidc/login
>>>>>>>> *
http://localhost:8080/account
>>>>>>>>
>>>>>>>> And we could allow setting what domains uses what
realms:
>>>>>>>>
>>>>>>>> *
http://keycloak-master/oidc/login
>>>>>>>> *
http://keycloak-other/oidc/login
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-dev mailing list
>>>>>>>> keycloak-dev(a)lists.jboss.org
>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>> _______________________________________________
>>>>>>> keycloak-dev mailing list
>>>>>>> keycloak-dev(a)lists.jboss.org
>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>>
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev(a)lists.jboss.org
>>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>