Re: [keycloak-dev] management problems

----- Original Message ----- > From: "Bill Burke" <bburke(a)redhat.com&gt; > To: "Stian Thorgersen" <stian(a)redhat.com&gt; > Cc: keycloak-dev(a)lists.jboss.org > Sent: Thursday, 1 May, 2014 4:37:39 PM > Subject: Re: [keycloak-dev] management problems > > > > On 5/1/2014 11:24 AM, Stian Thorgersen wrote: >> >> >> ----- Original Message ----- >>> From: "Bill Burke" <bburke(a)redhat.com&gt; >>> To: "Stian Thorgersen" <stian(a)redhat.com&gt; >>> Cc: keycloak-dev(a)lists.jboss.org >>> Sent: Thursday, 1 May, 2014 4:19:26 PM >>> Subject: Re: [keycloak-dev] management problems >>> >>> >>> >>> On 5/1/2014 10:16 AM, Stian Thorgersen wrote: >>>> >>>> >>>> ----- Original Message ----- >>>>> From: "Bill Burke" <bburke(a)redhat.com&gt; >>>>> To: "Stian Thorgersen" <stian(a)redhat.com&gt; >>>>> Cc: keycloak-dev(a)lists.jboss.org >>>>> Sent: Thursday, 1 May, 2014 3:11:48 PM >>>>> Subject: Re: [keycloak-dev] management problems >>>>> >>>>> >>>>> >>>>> On 5/1/2014 9:30 AM, Stian Thorgersen wrote: >>>>>> I'm wondering about what issues there are with having a single shared >>>>>> admin >>>>>> realm though. That seems the optional solution to me. >>>>>> >>>>> >>>>> Isn't the issue multi-tenancy? >>>> >>>> We can grant admin users access to manage only specific realms though? >>>> >>>> Or are you thinking multi-tenancy for AeroGear? >>> >>> What I mean is that you want to manage Aerogear in a realm on a server >>> that is multi-tenant (1 server managing multiple realms). Can't really >>> have a single shared admin realm in that case. >> >> I'm still not following :/ >> >> Can you spoon-feed me an example? >> > > Aerogear UPS admin needs to: > > * manage users > * manage role mappings > * manage oauth clients > * Manage aerogear specific things > > You want to have one login to do all those things. This means there > needs to be one realm to do all these things. You could re-use the > "keycloak-admin" realm, but re-using the "keycloak-admin" realm doesn't > work if you're dealing with a Keycloak deployment that is managing > multiple realms. A.K.A. Multi-tenancy. The part I'm not understanding is why it doesn't work with a Keycloak deployment with multiple realms?