All good stuff.
One thing though: Users are bound to a Realm not an Application. I
wrote up the datamodel again on the Wiki. Haven't totally followed it,
but it will end up like that.
I think we should probably support both ways of specifying role
mappings (add/remove users to a role and add/remove roles to a user). For now I just did
what was simplest to add.
It would be good if it's possible to list users (and view a specific user) in either
the context of a realm or a specific application. For example:
/applications/<app id>/roles/<role> - list users with application role, and
allow adding/removing users to the role
/realm/<realm id>/roles/<role> - list users with realm role, and allow
adding/removing users to the role
/application/<application id>/users/<user> - view application user, including
application roles (and allow adding/remove roles)
/realm/<realm id>/users/<user> - view realm user, including realm roles (and
allow adding/remove roles)
IMO import/export of anything to/from json documents would be good. We could have an
export page that allows the user to tick some boxes of what to export. For import we could
support importing users, applications, realms, roles, role-mappings, etc.
For OAuth Client applications would we not just use the same page as applications, but
have a way to select what type of application it is?
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: keycloak-dev(a)lists.jboss.org
> Sent: Tuesday, 30 July, 2013 6:05:37 PM
> Subject: Re: [keycloak-dev] Admin UI
>
> * I think to do a role mapping, the admin will want to apply mulitple
> roles to a user. Right now you have to pick a role panel add the user,
> pick another roll panel, find the user and add it.
>
> I think the admin would rather pick a user and then select the roles to
> apply either through checkbox or multi-select list.
>
> * IMO, we should also allow to upload a json document that defines role
> mappings.
>
>
>
> * We'll also need the ability to create OAuth Client Applications (I
> don't have a good name for these yet). These are applications that
> require the user to grant permission after the login for any roles
> requested.
> * The UI will need Scope Mappings. These are similar to role mappings,
> but they are for Applications and OAuth Client Applications. These are
> roles that the Application is allowed to ask the user for permision for.
>
>
> On 7/30/2013 11:46 AM, Stian Thorgersen wrote:
>> If everyone could have a look at
>>
http://wildfly-stianst.rhcloud.com/keycloak-server/ui/index.html and tell
>> me what they think that would be great. In my mind it's what we would use
>> for the first milestone of the project. Probably with a few minor changes,
>> such as adding a field or two.
>>
>> For the future I would hope that Gabriel produces a nice new look and feel
>> (based on official Red Hat guidelines) as well as improving the usability.
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
>
http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>