On 9/4/2013 5:27 AM, Marek Posolda wrote:
> On 3.9.2013 16:10, Bill Burke wrote:
>> I was thinking about this a little more. What does an admin need to
>> create an initial social or SSO realm? Minimally for 1st application?
>>
>> * Name of Realm
>> * Name of Application
>> * Credentials for Application (password)
>> * Enable Social
>> * Enable Registration
>>
>> So, initial page could be:
>>
>> New Realm Name: xxxxxxx
>> Social X Registration X
>
> There are many more options for a realm, would those be accessible during
> registration as well?

They would be accessible after the initial steps. The idea is to be
able to get to a working prototype as fast as possible.

> It seems that we will also need something to
> handle upload of public/private keys for a particular realm to use that
> realm?

Keycloak server can generate the key pair in most cases. We can add the
ability to set the pair later if asked for by users.

> I wonder if it's a good idea to initialize it from a Keystore file,
> which could possibly be uploaded through the UI, but the admin would need to
> specify key alias/keystore password and key password in this case...

That could be an option, but again, I think it's simpler for the user if
the Keycloak server generates the key pair.

> For social registration, it seems that we will need to specify which
> social providers will be available for each realm (For example Realm X
> will allow to register users through Facebook or Twitter, Realm Y will
> allow users to register users through Google etc.)

Why would we have this option? Why would users want google/fb, but not
twitter/yahoo?

> It seems that we will
> also need that each realm will have different combinations for
> consumerKey/consumerSecret for particular providers (actually it's
> shared and consumerKey/consumerSecret are initialized from system
> properties). Not sure if we want to allow all those settings to be part
> of Realm registration page or later during realm editing?

We talked before about having a global Keycloak account for the SaaS
service so that initial users would have less setup. This of course
could be overridden.

But....

We also discussed *NOT* having a SaaS service, but instead providing an
Openshift cartridge that could be installed. I don't think it is
possible to automate account creation on these social sites. Do you?

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com