Re: [keycloak-user] Default clients for a new realm

Hello, from my understanding and from reading the docs & mailing lists I'd explain the clients as follows: /account web application with UI, currently embedded in keycloak itself, that serves as a self-service account management application where users can change information about ther user account, change passwords, have a look at their active sessions etc. You should leave this if you want your users to be able to manage their account themselves. /admin-cli "technical" client (no UI) that was introduced in 1.7 and is used for direct-grants with access-type "public" and has scope to realm-management (which implies some client roles like: realm-admin, management-realm, manage-users, etc.) similarly like the security-admin-console. This client can also be used for configuring the realm via the REST API or the Keycloak admin-client. You should leave this if you want to administer your realm via the REST API. /broker "technical" client (no UI) is used for standard flow and has scope to read-token, allows the user to access any stored external tokens (via the broker service). You should leave this if you want to do indentity brokering. (guessing here) /realm-management "technical" client (no UI), similar to admin-cli but uses access-type bearer-only, which means that instead of doing the oauth dance you need to pass the access_token via the Authorization: Bearer TOKEN HTTP request header. You should leave this if you want to administer your realm via the REST API. /security-admin-console web application with UI, currently embedded in keycloak itself,  which serves as the management console you are using to configure your realm via the browser. From keycloaks perspective the admin-console is also just an oauth client. You should leave this if you want to administer your realm via the admin console (which you probably do). -- Perhaps it would help to populate description field with a brief summary for the "default" client definitions. Having those clients mentioned in the docs somewhere would be helpful as well. Cheers, Thomas 2016-04-12 23:03 GMT+02:00 Aikeaguinea <aikeaguinea(a)xsmail.com&gt;: > When I create a new realm, I see that the following clients are > automatically created in that realm: > > account > admin-cl > broker > realm-management > security-admin-console > > It's hard for me to tell whether or not to delete these clients > without > knowing what they're for, and I haven't successfully found > documentation > on the subject. Might someone explain what these are about? > > -- > http://www.fastmail.com - Accessible with your email software or over > the web > > _______________________________________________ > keycloak-user mailing list keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user