Btw, is there any way to specify the entity (client or user) to which a default role
should be applied ?
----- Original Message -----
From: "Pedro Igor Silva" <psilva(a)redhat.com>
To: stian(a)redhat.com
Cc: "keycloak-dev" <keycloak-dev(a)lists.jboss.org>
Sent: Monday, June 13, 2016 4:44:34 PM
Subject: Re: [keycloak-dev] Add roles to a client template
It is related with some simplifications to authz services configuration.
In order to enable fine-grained authz, clients should be granted with specific roles to
gain access to authz services. In some cases, users must consent access to his
authorization data by third-party apps.
When consenting access to his authorization data, the user is actually consenting to a
third-party app access to the protected resources at a specific resource server. In this
case, a client role can be used to specify just that. Eg.: on the consent page you'll
see a "uma_authorization in client-application-A"
I can also use realm roles to achieve the same result, but that would not be specific to a
resource server/client-app. Although still a valid setup if the user wants so.
What I want to do is just create a template with these roles. I was expecting that the
template could help me to avoid creating and assigning these roles manually.
This is not a blocker. As I said, realm roles can also be used to achieve the same
results.
----- Original Message -----
From: "Stian Thorgersen" <sthorger(a)redhat.com>
To: "Pedro Igor Silva" <psilva(a)redhat.com>
Cc: "keycloak-dev" <keycloak-dev(a)lists.jboss.org>
Sent: Monday, June 13, 2016 3:20:37 PM
Subject: Re: [keycloak-dev] Add roles to a client template
Client templates can only store roles and scope. Not sure it makes sense to
add client roles, especially not since we're planning on introducing role
namespaces in the future and that could conflict with the design around
that.
Can you elaborate on the use-case?
On 13 June 2016 at 19:16, Pedro Igor Silva <psilva(a)redhat.com> wrote:
Is it possible to add client roles to a client template ? Would like
to
provide a template with some default roles/scopes.
Regards.
Pedro Igor
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev