The last phase of client templates would be to allow defining
configuration items in the client template that the client inherits.  I
was going to implement it as an either or.  There will be a switch
"Inherit Template Configuration"  If this is off, then config items are
taken from the client, otherwise they are taken from the template.
There would be no mix and match.

FYI, I"m not sure I'll be able to finish this prior to our deadline of
early January.  There's still a lot of JIRAs to do beyond this.

This week though, I think I want to rework and simplify client creation
a bit more.  Create client on the admin console would only require must
needed config attributes:

OIDC:
Client ID
Root URL
Choose Client Template if wanted

These would be the defaults:
* Access type: public (pretty much covers any use)
* enabled true
* Redirect URIs would default to Root/*
* Standard Flow true
* Direct Grants false
* Service Accounts false

SAML:
Client Entity ID:
SAML SP Endpoint (not required, can make it more fine grained)
Choose client template if wanted

* Sign Docs: true
* Sign Assertions: false
* Client Signature Required: true
* Force POST BInding true
* Front Channel logout: true
* Force Name ID Format: false
* Name ID Format username
* Valid Redirect URIS renamed to Valid Assertion Consumer Service URIs
* certs would be generated by default

I'm also going to add a method to LoginProtocolFactory:

setupDefaults(ClientModel).  When a client is created, this method would
be called, then the defaults would be overriden if they are set in the
ClientRepresentation.  Right now, all this default logic is in the admin
console and I don't think it should be there.

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev