Re: [keycloak-dev] management problems

Is that really an issue? Users would just be admin users, there would be a separate realm for AeroGear users. And there'd probably be a single AeroGear console application, with a few associated roles. ----- Original Message ----- > From: "Bill Burke" <bburke(a)redhat.com&gt; > To: "Stian Thorgersen" <stian(a)redhat.com&gt; > Cc: keycloak-dev(a)lists.jboss.org > Sent: Thursday, 1 May, 2014 4:47:24 PM > Subject: Re: [keycloak-dev] management problems > > > > On 5/1/2014 11:41 AM, Stian Thorgersen wrote: >> >> >> ----- Original Message ----- >>> From: "Bill Burke" <bburke(a)redhat.com&gt; >>> To: "Stian Thorgersen" <stian(a)redhat.com&gt; >>> Cc: keycloak-dev(a)lists.jboss.org >>> Sent: Thursday, 1 May, 2014 4:37:39 PM >>> Subject: Re: [keycloak-dev] management problems >>> >>> >>> >>> On 5/1/2014 11:24 AM, Stian Thorgersen wrote: >>>> >>>> >>>> ----- Original Message ----- >>>>> From: "Bill Burke" <bburke(a)redhat.com&gt; >>>>> To: "Stian Thorgersen" <stian(a)redhat.com&gt; >>>>> Cc: keycloak-dev(a)lists.jboss.org >>>>> Sent: Thursday, 1 May, 2014 4:19:26 PM >>>>> Subject: Re: [keycloak-dev] management problems >>>>> >>>>> >>>>> >>>>> On 5/1/2014 10:16 AM, Stian Thorgersen wrote: >>>>>> >>>>>> >>>>>> ----- Original Message ----- >>>>>>> From: "Bill Burke" <bburke(a)redhat.com&gt; >>>>>>> To: "Stian Thorgersen" <stian(a)redhat.com&gt; >>>>>>> Cc: keycloak-dev(a)lists.jboss.org >>>>>>> Sent: Thursday, 1 May, 2014 3:11:48 PM >>>>>>> Subject: Re: [keycloak-dev] management problems >>>>>>> >>>>>>> >>>>>>> >>>>>>> On 5/1/2014 9:30 AM, Stian Thorgersen wrote: >>>>>>>> I'm wondering about what issues there are with having a single shared >>>>>>>> admin >>>>>>>> realm though. That seems the optional solution to me. >>>>>>>> >>>>>>> >>>>>>> Isn't the issue multi-tenancy? >>>>>> >>>>>> We can grant admin users access to manage only specific realms though? >>>>>> >>>>>> Or are you thinking multi-tenancy for AeroGear? >>>>> >>>>> What I mean is that you want to manage Aerogear in a realm on a server >>>>> that is multi-tenant (1 server managing multiple realms). Can't really >>>>> have a single shared admin realm in that case. >>>> >>>> I'm still not following :/ >>>> >>>> Can you spoon-feed me an example? >>>> >>> >>> Aerogear UPS admin needs to: >>> >>> * manage users >>> * manage role mappings >>> * manage oauth clients >>> * Manage aerogear specific things >>> >>> You want to have one login to do all those things. This means there >>> needs to be one realm to do all these things. You could re-use the >>> "keycloak-admin" realm, but re-using the "keycloak-admin" realm doesn't >>> work if you're dealing with a Keycloak deployment that is managing >>> multiple realms. A.K.A. Multi-tenancy. >> >> The part I'm not understanding is why it doesn't work with a Keycloak >> deployment with multiple realms? >> > > Because you're polluting the "keycloak-admin" realm with Aerogear > specific things: users, roles, applications, etc. > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com >