I strongly believe that applications should be under a separate top-level menu.
- An application is configured to use a realm, it's not a child of the realm
- A developer may know what application he's looking for, but not know what realm it
belongs to
I also believe that a first time user should be able to create an application without
having to create a realm first. There are several options for this:
- Create a default realm for a user when the first application is created
- Embed the creating realm form into the creating application form / this should require
very little additional work on the UI level if Angular services and partials are done
correctly
Having applications as a separate entity is also vital if for example an MBaaS solution
should consume Keycloak and reuse parts of the admin console. In this case an application
doesn't only have a security realm, and security configuration, it also has data
configuration, push notification configuration, etc.
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Thursday, 12 September, 2013 1:38:17 PM
Subject: [keycloak-dev] relationship between application and realm
I want to bring this up again because I feel strongly about it. Having
"Application" separate from "Realm" or a top-level-menu item, is not a
good thing for many reasons. I'm talking about this idea of only
creating an Application for single apps through the admin UI and setting
up everything based only on the idea of an Application with no knowledge
of what a realm is.
* Realm is core to the implementation.
* Once you want to do SSO, you have to know what a realm is. This idea
of merging/exporting/importing an Application into a Realm seems just
very complex to me. I'm of the strong opinion that it's just not a great
idea because SSO (and Single Log Out) is one of our key features.
* You're not creating an application within Keycloak, you're securing an
application. A Realm really pertains to the auth-server. Application
pertains to the
* JBoss, Tomcat, and Jetty, really most Java developers already know
what a Realm is. Even Basic Auth has the concept of a Realm. Realm is
just such a core concept to security.
* Removing the concept of a Realm for a single-app domain, doesn't
really simplify much for the user. All we're really asking the user to
do is specify a name for the realm and configure providers and manage
users at the realm level.
* Having a noticeably different UI for a one-off-app vs. a multi-app
realm is just confusing to the user. It creates more work for us, for
very little gain.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com