9:50 a.m.
Apps may want to have a link back to login, logout, and account
management. The problem is this link has the form of:
/realms/{id}
Where {id} is this huge generated id. We do this because realm names
may not be unique in multi-tenancy environments. While our public cloud
plans are to create a dedicated server instance for a company, we may
want to support multi-tenancy in the future. So I think this has to stay.
What sucks is how can an app developer find out this id? We can show
the ID in the admin console and/or even have a "base url" field for the
realm with a "Copy to Clipboard" button. The adapters could set
HttpServletRequest parameters pointing to logout and acct mgmt URLs too.
Any other ideas/concerns?
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 a.m.
I think we should remove the realm id, but require the realm name to be unique instead.
For an online SaaS this is a first come first serve, as most other things (OpenShift,
Gmail, etc).
Also, for the SaaS you'd probably want to have URLs like:
realname.keycloak.org/rest/tokens
instead of (or in addition to)
keycloak.org/rest/realname/tokens
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Wednesday, 27 November, 2013 3:50:14 PM
Subject: [keycloak-dev] url problem with login/account mgmt
Apps may want to have a link back to login, logout, and account
management. The problem is this link has the form of:
/realms/{id}
Where {id} is this huge generated id. We do this because realm names
may not be unique in multi-tenancy environments. While our public cloud
plans are to create a dedicated server instance for a company, we may
want to support multi-tenancy in the future. So I think this has to stay.
What sucks is how can an app developer find out this id? We can show
the ID in the admin console and/or even have a "base url" field for the
realm with a "Copy to Clipboard" button. The adapters could set
HttpServletRequest parameters pointing to logout and acct mgmt URLs too.
Any other ideas/concerns?
As well as adapters I think we should have SDKs. These should make it easy to get these
URLs, as well as other things like for example retrieving the full user profile
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
4047
days inactive
4047
days old
1 comments
2 participants
participants (2)
-
Bill Burke -
Stian Thorgersen