Hi Ryan,
It really depends on your use case. You could potentially have a mix of all
three alternatives.
Regards.
Pedro Igor
On Tue, Apr 2, 2019 at 3:41 PM Ryan Slominski <ryans(a)jlab.org> wrote:
Any thoughts on where to define roles? It seems there may be three
choices:
1. Define Roles in the user storage provider. I believe Red Hat
Identity Manager (LDAP) supports this for example. Then I believe Keycloak
can be configured to load the roles.
2. Define Roles directly in Keycloak (possibly defined based on groups
synced from LDAP).
3. Define Roles in client applications (possibly defined based on
groups queried from Keycloak). I believe WildFly client adapter "Elytron"
subsystem might support this? Not sure. Custom clients certainly could
query Keycloak for groups and then define their own roles.