5:43 a.m.
Hi all,
I am setting up an SSO server and i'm evaluating both CAS and Keycloak. One
of my main requirements is letting users have multiple teams and be a part
of multiple organizations. I'm trying to wrap my head around how to do this
in Keycloak. Something on the lines of what Github does -
https://github.com/blog/674-introducing-organizations As an evaluation
process, I've already created a POC using CAS.
I would really appreciate any pointers on how to do this with Keycloak.
Best,
Kunal
--
*KUNAL KERKAR *| PRODUCT ENGINEER
Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
Web: www.plivo.com | Twitter: @plivo <http://twitter.com/plivo>;, @tsudot
<http://twitter.com/tsudot>
5:58 a.m.
I think u can investigate composite-roles for the same.
http://keycloak.github.io/docs/userguide/html/roles.html#d4e2207
The composite-roles can be client specific roles re-presenting your
organizations, and keycloak roles can be the actual "business roles" under
these composite roles.
HTH.
Subhro.
On Tue, Oct 13, 2015 at 4:13 PM, Kunal K <kunal(a)plivo.com> wrote:
Hi all,
I am setting up an SSO server and i'm evaluating both CAS and Keycloak.
One of my main requirements is letting users have multiple teams and be a
part of multiple organizations. I'm trying to wrap my head around how to
do this in Keycloak. Something on the lines of what Github does -
https://github.com/blog/674-introducing-organizations As an evaluation
process, I've already created a POC using CAS.
I would really appreciate any pointers on how to do this with Keycloak.
Best,
Kunal
--
*KUNAL KERKAR *| PRODUCT ENGINEER
Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
Web: www.plivo.com | Twitter: @plivo <http://twitter.com/plivo>;, @tsudot
<http://twitter.com/tsudot>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
6:09 a.m.
We are also planning on introducing groups soon. Users will be able to
belong to one or more groups and a group can have roles and/or attributes
associated with it.
On 13 October 2015 at 12:58, Subhrajyoti Moitra <subhrajyotim(a)gmail.com>
wrote:
I think u can investigate composite-roles for the same.
http://keycloak.github.io/docs/userguide/html/roles.html#d4e2207
The composite-roles can be client specific roles re-presenting your
organizations, and keycloak roles can be the actual "business roles" under
these composite roles.
HTH.
Subhro.
On Tue, Oct 13, 2015 at 4:13 PM, Kunal K <kunal(a)plivo.com> wrote:
> Hi all,
>
> I am setting up an SSO server and i'm evaluating both CAS and Keycloak.
> One of my main requirements is letting users have multiple teams and be a
> part of multiple organizations. I'm trying to wrap my head around how to
> do this in Keycloak. Something on the lines of what Github does -
> https://github.com/blog/674-introducing-organizations As an evaluation
> process, I've already created a POC using CAS.
>
> I would really appreciate any pointers on how to do this with Keycloak.
>
> Best,
>
> Kunal
>
> --
> *KUNAL KERKAR *| PRODUCT ENGINEER
> Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
> Web: www.plivo.com | Twitter: @plivo <http://twitter.com/plivo>;, @tsudot
> <http://twitter.com/tsudot>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
8:11 a.m.
Thanks Stian for the update. any more details about this group feature, if
you can pl share?
We are using composite roles currently to manage "business groups".
Since the group definitions are fixed and mutually exclusive, we are able
to manage it with composite roles.
Regards,
Subhro.
On Tue, Oct 13, 2015 at 4:39 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
We are also planning on introducing groups soon. Users will be able
to
belong to one or more groups and a group can have roles and/or attributes
associated with it.
On 13 October 2015 at 12:58, Subhrajyoti Moitra <subhrajyotim(a)gmail.com>
wrote:
> I think u can investigate composite-roles for the same.
> http://keycloak.github.io/docs/userguide/html/roles.html#d4e2207
>
> The composite-roles can be client specific roles re-presenting your
> organizations, and keycloak roles can be the actual "business roles" under
> these composite roles.
>
> HTH.
> Subhro.
>
> On Tue, Oct 13, 2015 at 4:13 PM, Kunal K <kunal(a)plivo.com> wrote:
>
>> Hi all,
>>
>> I am setting up an SSO server and i'm evaluating both CAS and Keycloak.
>> One of my main requirements is letting users have multiple teams and be a
>> part of multiple organizations. I'm trying to wrap my head around how
>> to do this in Keycloak. Something on the lines of what Github does -
>> https://github.com/blog/674-introducing-organizations As an evaluation
>> process, I've already created a POC using CAS.
>>
>> I would really appreciate any pointers on how to do this with Keycloak.
>>
>> Best,
>>
>> Kunal
>>
>> --
>> *KUNAL KERKAR *| PRODUCT ENGINEER
>> Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
>> Web: www.plivo.com | Twitter: @plivo <http://twitter.com/plivo>;, @tsudot
>> <http://twitter.com/tsudot>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
11:18 a.m.
You just want something like github groups? List your requirements.
I am starting on Groups next week after 1.6 goes out.
On 10/13/2015 9:11 AM, Subhrajyoti Moitra wrote:
Thanks Stian for the update. any more details about this group
feature,
if you can pl share?
We are using composite roles currently to manage "business groups".
Since the group definitions are fixed and mutually exclusive, we are
able to manage it with composite roles.
Regards,
Subhro.
On Tue, Oct 13, 2015 at 4:39 PM, Stian Thorgersen <sthorger(a)redhat.com
<mailto:sthorger@redhat.com>> wrote:
We are also planning on introducing groups soon. Users will be able
to belong to one or more groups and a group can have roles and/or
attributes associated with it.
On 13 October 2015 at 12:58, Subhrajyoti Moitra
<subhrajyotim(a)gmail.com <mailto:subhrajyotim@gmail.com>> wrote:
I think u can investigate composite-roles for the same.
http://keycloak.github.io/docs/userguide/html/roles.html#d4e2207
The composite-roles can be client specific roles re-presenting
your organizations, and keycloak roles can be the actual
"business roles" under these composite roles.
HTH.
Subhro.
On Tue, Oct 13, 2015 at 4:13 PM, Kunal K <kunal(a)plivo.com
<mailto:kunal@plivo.com>> wrote:
Hi all,
I am setting up an SSO server and i'm evaluating both CAS
and Keycloak. One of my main requirements is letting users
have multiple teams and be a part of multiple organizations.
I'm trying to wrap my head around how to do this in
Keycloak. Something on the lines of what Github does -
https://github.com/blog/674-introducing-organizations As an
evaluation process, I've already created a POC using CAS.
I would really appreciate any pointers on how to do this
with Keycloak.
Best,
Kunal
--
*KUNAL KERKAR *| PRODUCT ENGINEER
Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
Web: www.plivo.com <http://www.plivo.com/> | Twitter: @plivo
<http://twitter.com/plivo>;, @tsudot <http://twitter.com/tsudot>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11:59 a.m.
Hi!
Would be great if you could include access control so that you can
administer people in group A but not in group B.
I understand that this request partially overlaps with multi-tenancy but
sometimes you want to have a single instance with separated administrators.
You could have, for example, a SaaS application where creating separate
instances doesn't make sense.
Thanks!
Best regards,
Thomas
On Oct 13, 2015 18:18, "Bill Burke" <bburke(a)redhat.com> wrote:
You just want something like github groups? List your requirements.
I am starting on Groups next week after 1.6 goes out.
On 10/13/2015 9:11 AM, Subhrajyoti Moitra wrote:
> Thanks Stian for the update. any more details about this group feature,
> if you can pl share?
> We are using composite roles currently to manage "business groups".
> Since the group definitions are fixed and mutually exclusive, we are
> able to manage it with composite roles.
>
> Regards,
> Subhro.
>
> On Tue, Oct 13, 2015 at 4:39 PM, Stian Thorgersen <sthorger(a)redhat.com
> <mailto:sthorger@redhat.com>> wrote:
>
> We are also planning on introducing groups soon. Users will be able
> to belong to one or more groups and a group can have roles and/or
> attributes associated with it.
>
> On 13 October 2015 at 12:58, Subhrajyoti Moitra
> <subhrajyotim(a)gmail.com <mailto:subhrajyotim@gmail.com>> wrote:
>
> I think u can investigate composite-roles for the same.
> http://keycloak.github.io/docs/userguide/html/roles.html#d4e2207
>
> The composite-roles can be client specific roles re-presenting
> your organizations, and keycloak roles can be the actual
> "business roles" under these composite roles.
>
> HTH.
> Subhro.
>
> On Tue, Oct 13, 2015 at 4:13 PM, Kunal K <kunal(a)plivo.com
> <mailto:kunal@plivo.com>> wrote:
>
> Hi all,
>
> I am setting up an SSO server and i'm evaluating both CAS
> and Keycloak. One of my main requirements is letting users
> have multiple teams and be a part of multiple organizations.
> I'm trying to wrap my head around how to do this in
> Keycloak. Something on the lines of what Github does -
> https://github.com/blog/674-introducing-organizations As an
> evaluation process, I've already created a POC using CAS.
>
> I would really appreciate any pointers on how to do this
> with Keycloak.
>
> Best,
>
> Kunal
>
>
> --
> *KUNAL KERKAR *| PRODUCT ENGINEER
> Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
> Web: www.plivo.com <http://www.plivo.com/> | Twitter: @plivo
> <http://twitter.com/plivo>;, @tsudot <
http://twitter.com/tsudot>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> <mailto:keycloak-user@lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org <mailto:
keycloak-user(a)lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
12:22 p.m.
The plan is to introduce more fine grained control over permissions within
Keycloak in the future, but that's a separate issue to introducing group
support. We will most likely leverage group support once we do improve this
though.
On 13 October 2015 at 18:59, Thomas Raehalme <
thomas.raehalme(a)aitiofinland.com> wrote:
Hi!
Would be great if you could include access control so that you can
administer people in group A but not in group B.
I understand that this request partially overlaps with multi-tenancy but
sometimes you want to have a single instance with separated administrators.
You could have, for example, a SaaS application where creating separate
instances doesn't make sense.
Thanks!
Best regards,
Thomas
On Oct 13, 2015 18:18, "Bill Burke" <bburke(a)redhat.com> wrote:
> You just want something like github groups? List your requirements.
>
> I am starting on Groups next week after 1.6 goes out.
>
> On 10/13/2015 9:11 AM, Subhrajyoti Moitra wrote:
> > Thanks Stian for the update. any more details about this group feature,
> > if you can pl share?
> > We are using composite roles currently to manage "business groups".
> > Since the group definitions are fixed and mutually exclusive, we are
> > able to manage it with composite roles.
> >
> > Regards,
> > Subhro.
> >
> > On Tue, Oct 13, 2015 at 4:39 PM, Stian Thorgersen <sthorger(a)redhat.com
> > <mailto:sthorger@redhat.com>> wrote:
> >
> > We are also planning on introducing groups soon. Users will be able
> > to belong to one or more groups and a group can have roles and/or
> > attributes associated with it.
> >
> > On 13 October 2015 at 12:58, Subhrajyoti Moitra
> > <subhrajyotim(a)gmail.com <mailto:subhrajyotim@gmail.com>> wrote:
> >
> > I think u can investigate composite-roles for the same.
> >
> http://keycloak.github.io/docs/userguide/html/roles.html#d4e2207
> >
> > The composite-roles can be client specific roles re-presenting
> > your organizations, and keycloak roles can be the actual
> > "business roles" under these composite roles.
> >
> > HTH.
> > Subhro.
> >
> > On Tue, Oct 13, 2015 at 4:13 PM, Kunal K <kunal(a)plivo.com
> > <mailto:kunal@plivo.com>> wrote:
> >
> > Hi all,
> >
> > I am setting up an SSO server and i'm evaluating both CAS
> > and Keycloak. One of my main requirements is letting users
> > have multiple teams and be a part of multiple organizations.
> > I'm trying to wrap my head around how to do this in
> > Keycloak. Something on the lines of what Github does -
> > https://github.com/blog/674-introducing-organizations As an
> > evaluation process, I've already created a POC using CAS.
> >
> > I would really appreciate any pointers on how to do this
> > with Keycloak.
> >
> > Best,
> >
> > Kunal
> >
> >
> > --
> > *KUNAL KERKAR *| PRODUCT ENGINEER
> > Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
> > Web: www.plivo.com <http://www.plivo.com/> | Twitter:
> @plivo
> > <http://twitter.com/plivo>;, @tsudot <
> http://twitter.com/tsudot>
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > <mailto:keycloak-user@lists.jboss.org>
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org <mailto:
> keycloak-user(a)lists.jboss.org>
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >
> >
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
6:29 a.m.
The scope of this is presumably groups within an individual realm?
Is there any possibility for "global" groups and roles that can span
multiple realms?
Tim
On 13/10/2015 17:18, Bill Burke wrote:
You just want something like github groups? List your requirements.
I am starting on Groups next week after 1.6 goes out.
On 10/13/2015 9:11 AM, Subhrajyoti Moitra wrote:
> Thanks Stian for the update. any more details about this group feature,
> if you can pl share?
> We are using composite roles currently to manage "business groups".
> Since the group definitions are fixed and mutually exclusive, we are
> able to manage it with composite roles.
>
> Regards,
> Subhro.
>
> On Tue, Oct 13, 2015 at 4:39 PM, Stian Thorgersen <sthorger(a)redhat.com
> <mailto:sthorger@redhat.com>> wrote:
>
> We are also planning on introducing groups soon. Users will be able
> to belong to one or more groups and a group can have roles and/or
> attributes associated with it.
>
> On 13 October 2015 at 12:58, Subhrajyoti Moitra
> <subhrajyotim(a)gmail.com <mailto:subhrajyotim@gmail.com>> wrote:
>
> I think u can investigate composite-roles for the same.
> http://keycloak.github.io/docs/userguide/html/roles.html#d4e2207
>
> The composite-roles can be client specific roles re-presenting
> your organizations, and keycloak roles can be the actual
> "business roles" under these composite roles.
>
> HTH.
> Subhro.
>
> On Tue, Oct 13, 2015 at 4:13 PM, Kunal K <kunal(a)plivo.com
> <mailto:kunal@plivo.com>> wrote:
>
> Hi all,
>
> I am setting up an SSO server and i'm evaluating both CAS
> and Keycloak. One of my main requirements is letting users
> have multiple teams and be a part of multiple organizations.
> I'm trying to wrap my head around how to do this in
> Keycloak. Something on the lines of what Github does -
> https://github.com/blog/674-introducing-organizations As an
> evaluation process, I've already created a POC using CAS.
>
> I would really appreciate any pointers on how to do this
> with Keycloak.
>
> Best,
>
> Kunal
>
>
> --
> *KUNAL KERKAR *| PRODUCT ENGINEER
> Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
> Web: www.plivo.com <http://www.plivo.com/> | Twitter: @plivo
> <http://twitter.com/plivo>;, @tsudot
<http://twitter.com/tsudot>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> <mailto:keycloak-user@lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
9:34 a.m.
No, we are not creatin "global" groups and roles. use case please?.
We're trying to keep realms isolated from one another.
On 10/14/2015 7:29 AM, Tim Dudgeon wrote:
The scope of this is presumably groups within an individual realm?
Is there any possibility for "global" groups and roles that can span
multiple realms?
Tim
On 13/10/2015 17:18, Bill Burke wrote:
> You just want something like github groups? List your requirements.
>
> I am starting on Groups next week after 1.6 goes out.
>
> On 10/13/2015 9:11 AM, Subhrajyoti Moitra wrote:
>> Thanks Stian for the update. any more details about this group feature,
>> if you can pl share?
>> We are using composite roles currently to manage "business groups".
>> Since the group definitions are fixed and mutually exclusive, we are
>> able to manage it with composite roles.
>>
>> Regards,
>> Subhro.
>>
>> On Tue, Oct 13, 2015 at 4:39 PM, Stian Thorgersen <sthorger(a)redhat.com
>> <mailto:sthorger@redhat.com>> wrote:
>>
>> We are also planning on introducing groups soon. Users will be able
>> to belong to one or more groups and a group can have roles and/or
>> attributes associated with it.
>>
>> On 13 October 2015 at 12:58, Subhrajyoti Moitra
>> <subhrajyotim(a)gmail.com <mailto:subhrajyotim@gmail.com>>
wrote:
>>
>> I think u can investigate composite-roles for the same.
>> http://keycloak.github.io/docs/userguide/html/roles.html#d4e2207
>>
>> The composite-roles can be client specific roles re-presenting
>> your organizations, and keycloak roles can be the actual
>> "business roles" under these composite roles.
>>
>> HTH.
>> Subhro.
>>
>> On Tue, Oct 13, 2015 at 4:13 PM, Kunal K <kunal(a)plivo.com
>> <mailto:kunal@plivo.com>> wrote:
>>
>> Hi all,
>>
>> I am setting up an SSO server and i'm evaluating both CAS
>> and Keycloak. One of my main requirements is letting users
>> have multiple teams and be a part of multiple organizations.
>> I'm trying to wrap my head around how to do this in
>> Keycloak. Something on the lines of what Github does -
>> https://github.com/blog/674-introducing-organizations As an
>> evaluation process, I've already created a POC using CAS.
>>
>> I would really appreciate any pointers on how to do this
>> with Keycloak.
>>
>> Best,
>>
>> Kunal
>>
>>
>> --
>> *KUNAL KERKAR *| PRODUCT ENGINEER
>> Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
>> Web: www.plivo.com <http://www.plivo.com/> | Twitter: @plivo
>> <http://twitter.com/plivo>;, @tsudot
<http://twitter.com/tsudot>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> <mailto:keycloak-user@lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
9:53 a.m.
The use case for me is to use multiple realms for authentication (e.g.
one realm for each organisation) that can access a single application
using a common set of roles.
Its sort of discussed from a different perspective on the apiman list here:
http://lists.jboss.org/pipermail/apiman-user/2015-October/000361.html
Tim
On 14/10/2015 15:34, Bill Burke wrote:
No, we are not creatin "global" groups and roles. use case
please?.
We're trying to keep realms isolated from one another.
On 10/14/2015 7:29 AM, Tim Dudgeon wrote:
> The scope of this is presumably groups within an individual realm?
> Is there any possibility for "global" groups and roles that can span
> multiple realms?
>
> Tim
>
> On 13/10/2015 17:18, Bill Burke wrote:
>> You just want something like github groups? List your requirements.
>>
>> I am starting on Groups next week after 1.6 goes out.
>>
>> On 10/13/2015 9:11 AM, Subhrajyoti Moitra wrote:
>>> Thanks Stian for the update. any more details about this group feature,
>>> if you can pl share?
>>> We are using composite roles currently to manage "business
groups".
>>> Since the group definitions are fixed and mutually exclusive, we are
>>> able to manage it with composite roles.
>>>
>>> Regards,
>>> Subhro.
>>>
>>> On Tue, Oct 13, 2015 at 4:39 PM, Stian Thorgersen <sthorger(a)redhat.com
>>> <mailto:sthorger@redhat.com>> wrote:
>>>
>>> We are also planning on introducing groups soon. Users will be able
>>> to belong to one or more groups and a group can have roles and/or
>>> attributes associated with it.
>>>
>>> On 13 October 2015 at 12:58, Subhrajyoti Moitra
>>> <subhrajyotim(a)gmail.com <mailto:subhrajyotim@gmail.com>>
wrote:
>>>
>>> I think u can investigate composite-roles for the same.
>>> http://keycloak.github.io/docs/userguide/html/roles.html#d4e2207
>>>
>>> The composite-roles can be client specific roles re-presenting
>>> your organizations, and keycloak roles can be the actual
>>> "business roles" under these composite roles.
>>>
>>> HTH.
>>> Subhro.
>>>
>>> On Tue, Oct 13, 2015 at 4:13 PM, Kunal K <kunal(a)plivo.com
>>> <mailto:kunal@plivo.com>> wrote:
>>>
>>> Hi all,
>>>
>>> I am setting up an SSO server and i'm evaluating both CAS
>>> and Keycloak. One of my main requirements is letting users
>>> have multiple teams and be a part of multiple organizations.
>>> I'm trying to wrap my head around how to do this in
>>> Keycloak. Something on the lines of what Github does -
>>> https://github.com/blog/674-introducing-organizations As an
>>> evaluation process, I've already created a POC using CAS.
>>>
>>> I would really appreciate any pointers on how to do this
>>> with Keycloak.
>>>
>>> Best,
>>>
>>> Kunal
>>>
>>>
>>> --
>>> *KUNAL KERKAR *| PRODUCT ENGINEER
>>> Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
>>> Web: www.plivo.com <http://www.plivo.com/> | Twitter:
@plivo
>>> <http://twitter.com/plivo>;, @tsudot
<http://twitter.com/tsudot>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>> <mailto:keycloak-user@lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
10:35 a.m.
That's just not how keycloak was designed.
Realms contain users, applications/clients, roles, groups etc. Realms
were meant to be completely isolated from one another.
On 10/14/2015 10:53 AM, Tim Dudgeon wrote:
The use case for me is to use multiple realms for authentication
(e.g.
one realm for each organisation) that can access a single application
using a common set of roles.
Its sort of discussed from a different perspective on the apiman list here:
http://lists.jboss.org/pipermail/apiman-user/2015-October/000361.html
Tim
On 14/10/2015 15:34, Bill Burke wrote:
> No, we are not creatin "global" groups and roles. use case please?.
> We're trying to keep realms isolated from one another.
>
> On 10/14/2015 7:29 AM, Tim Dudgeon wrote:
>> The scope of this is presumably groups within an individual realm?
>> Is there any possibility for "global" groups and roles that can span
>> multiple realms?
>>
>> Tim
>>
>> On 13/10/2015 17:18, Bill Burke wrote:
>>> You just want something like github groups? List your requirements.
>>>
>>> I am starting on Groups next week after 1.6 goes out.
>>>
>>> On 10/13/2015 9:11 AM, Subhrajyoti Moitra wrote:
>>>> Thanks Stian for the update. any more details about this group feature,
>>>> if you can pl share?
>>>> We are using composite roles currently to manage "business
groups".
>>>> Since the group definitions are fixed and mutually exclusive, we are
>>>> able to manage it with composite roles.
>>>>
>>>> Regards,
>>>> Subhro.
>>>>
>>>> On Tue, Oct 13, 2015 at 4:39 PM, Stian Thorgersen
<sthorger(a)redhat.com
>>>> <mailto:sthorger@redhat.com>> wrote:
>>>>
>>>> We are also planning on introducing groups soon. Users will be
able
>>>> to belong to one or more groups and a group can have roles
and/or
>>>> attributes associated with it.
>>>>
>>>> On 13 October 2015 at 12:58, Subhrajyoti Moitra
>>>> <subhrajyotim(a)gmail.com
<mailto:subhrajyotim@gmail.com>> wrote:
>>>>
>>>> I think u can investigate composite-roles for the same.
>>>>
http://keycloak.github.io/docs/userguide/html/roles.html#d4e2207
>>>>
>>>> The composite-roles can be client specific roles
re-presenting
>>>> your organizations, and keycloak roles can be the actual
>>>> "business roles" under these composite roles.
>>>>
>>>> HTH.
>>>> Subhro.
>>>>
>>>> On Tue, Oct 13, 2015 at 4:13 PM, Kunal K <kunal(a)plivo.com
>>>> <mailto:kunal@plivo.com>> wrote:
>>>>
>>>> Hi all,
>>>>
>>>> I am setting up an SSO server and i'm evaluating both
CAS
>>>> and Keycloak. One of my main requirements is letting
users
>>>> have multiple teams and be a part of multiple
organizations.
>>>> I'm trying to wrap my head around how to do this in
>>>> Keycloak. Something on the lines of what Github does -
>>>> https://github.com/blog/674-introducing-organizations As
an
>>>> evaluation process, I've already created a POC using
CAS.
>>>>
>>>> I would really appreciate any pointers on how to do this
>>>> with Keycloak.
>>>>
>>>> Best,
>>>>
>>>> Kunal
>>>>
>>>>
>>>> --
>>>> *KUNAL KERKAR *| PRODUCT ENGINEER
>>>> Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
>>>> Web: www.plivo.com <http://www.plivo.com/> |
Twitter: @plivo
>>>> <http://twitter.com/plivo>;, @tsudot
<http://twitter.com/tsudot>
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user(a)lists.jboss.org
>>>> <mailto:keycloak-user@lists.jboss.org>
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user(a)lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
3356
days inactive
3357
days old
10 comments
6 participants
participants (6)
-
Bill Burke -
Kunal K -
Stian Thorgersen -
Subhrajyoti Moitra -
Thomas Raehalme -
Tim Dudgeon