The role-mapping sub-page looks awesome, but I don't think we can use
it. While most apps are only going to have a few roles, we could be
dealing with hundreds of roles depending on the deployment. The current
UI, IMO can't handle this scenario.
Another issue that will come up later is Role Groups. Role groups will
be able to have both realm and application roles within them. In a role
mapping list for the user, you should be able to see the role that was
assigned from a role group, but not remove it, and maybe also a way to
identify which group the role was inherited from.
I'm going to put a crude UI together with backend to flush things out a
little then will need some input and work done by Gabriel or Viliam to
put their artistic stamp on it.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com