On 16 December 2015 at 14:19, Marek Posolda <mposolda@redhat.com> wrote:

On 15/12/15 18:26, Bill Burke wrote:
> What to do with default mappers and clients and client templates?
>
> When you create a client, it automatically adds default mappers for each
> protocol. Now with client teampltes, if you create a client and specify
> a client template when you create it, it will not add default mappers to
> the client. Sound like right behavior?
IMO yes. This also adds possibility that your client will be created
with some builtin mappers removed by default.
>
> When creating a client template, should efault mappers be added to the
> temaplte automatically? Or should the user have to manually add them?
IMO it's better if he needs to manually add them. He can already add
builtin mappers very easily if he wants to, so doesn't sound like
usability issue that default mappers are not there.
>
> The mappers tab of a client will have a link "view template mappers"
> which will bring you to the template's mapper page. You will be able to
> add additional mappers to your client, but you will not be able to
> override a template's mappers.
>
> Sound cool enough?
>
I think yes.

Another possibility is that on client setup, there will be list of
checkboxes with mappers inherited from the parent. And all the
checkboxes (mappers) will be checked by default. Admin has possibility
to uncheck some inherited mappers. That adds possibility for admin to
remove some inherited mappers.

Is it sufficient to support just one client template for client? I guess
yes, but not sure...

Client templates would be useful when there's a set of standard claims that a group of clients expects in a token. Allowing individual clients to add/remove/override those standard claims makes little sense. I also don't think there's a need for a client to be able to inherit from multiple templates.

Marek

_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev