[aerogear-dev] Keycloak user/roles management

Matthias Wessendorf matzew at apache.org
Sun May 25 07:42:18 EDT 2014


Awesome! thanks!

I just merged the initial KC-Angular integration PR;

Now since the bits are on master, I feel more 'safe' to ask QE to test the
new components (e.g. KC and Angular based UI)

-Matthias


On Sat, May 24, 2014 at 7:00 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> On 2014-05-23, Matthias Wessendorf wrote:
> > On Fri, May 23, 2014 at 10:35 PM, Bruno Oliveira <bruno at abstractj.org
> >wrote:
> >
> > > I think might not be hard to handle most of these scenarios on
> Keycloak,
> > > but before move forward I would like to undestand why the admin is
> > > removed here:
> > >
> > >
> https://github.com/aerogear/aerogear-unifiedpush-server/blob/ecbe017e65eaf95f7b8ff8c47de670dc77d985aa/auth-server/src/main/java/org/jboss/aerogear/unifiedpush/keycloak/UpsKeycloakApplication.java#L52
> > >
> > > Any specific reason for it? I'm asking because I'm about to change it.
> > >
> >
> > I did follow the template we got from Bill:
> >
> https://github.com/keycloak/keycloak/blob/master/project-integrations/aerogear-ups/auth-server/src/main/java/org/aerogear/ups/security/UpsSecurityApplication.java#L35
> >
> > I think in that example there was no 'super-user' that is in charge of
> the
> > realm management
>
> Following with our plan, I removed that piece of code and attached to my
> angular PR.
>
> >
> >
> >
> > > Are we planning to build our own admin interface?
> > >
> >
> > nope; We will use theirs, but we may be applying our own theme to make it
> > look like UPS
> >
> >
> >
> > >
> > > On 2014-05-21, Matthias Wessendorf wrote:
> > > > Just a thought... regarding those two roles 'PushAdmin' and
> 'Super-User',
> > > > IMO the Super-user should be able to see all apps (and their
> variants,
> > > > including registered devices).
> > > >
> > > >
> > > >
> > > >
> > > > On Wed, May 21, 2014 at 2:55 PM, Bruno Oliveira <bruno at abstractj.org
> >
> > > wrote:
> > > >
> > > > > Thank you Matthias, I will look at it and return back with more
> > > > > questions if necessary.
> > > > >
> > > > > On 2014-05-21, Matthias Wessendorf wrote:
> > > > > > Hello,
> > > > > >
> > > > > > yes - the handling is done by Keycloak itself; Last time we
> looked at
> > > > > user
> > > > > > management, we had the following in terms of roles:
> > > > > >
> > > > > > https://gist.github.com/sebastienblanc/6547605
> > > > > >
> > > > > > Not sure the names of these roles are great.... let's see
> > > > > >
> > > > > > Basically I think the role definition in the gist still addresses
> > > most of
> > > > > > what we want to archive:
> > > > > > * super-user: in charge of managing the UPS realm (including
> users);
> > > can
> > > > > > see _ALL_ push applications  (that's the admin in Sebi's gist)
> > > > > > * PushAdmin: Someone that can manage applications and variants,
> but
> > > is
> > > > > not
> > > > > > able to add new users; he also sees only his
> applications/variants
> > > etc
> > > > > > (that's the developer in sebis gist)
> > > > > >
> > > > > > The gist also contains a 'Viewer' role - At this point I am not
> sure
> > > we
> > > > > do
> > > > > > really need this. My impression is that if we have PushAdmins
> for our
> > > > > 1.0.0
> > > > > > community release that will be enough.
> > > > > >
> > > > > > -Matthias
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Tue, May 20, 2014 at 10:02 PM, Bruno Oliveira <
> > > bruno at abstractj.org
> > > > > >wrote:
> > > > > >
> > > > > > > Good morning peeps,
> > > > > > >
> > > > > > > Before I jump in https://issues.jboss.org/browse/AGPUSH-639. I
> > > would
> > > > > > > like to understand what do you guys want say with this issue.
> > > > > > >
> > > > > > > Currently Keycloak already has its own user/roles managements.
> > > What do
> > > > > > > you guys are looking for? Any specific requirements?
> > > > > > >
> > > > > > > --
> > > > > > >
> > > > > > > abstractj
> > > > > > > _______________________________________________
> > > > > > > aerogear-dev mailing list
> > > > > > > aerogear-dev at lists.jboss.org
> > > > > > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Matthias Wessendorf
> > > > > >
> > > > > > blog: http://matthiaswessendorf.wordpress.com/
> > > > > > sessions: http://www.slideshare.net/mwessendorf
> > > > > > twitter: http://twitter.com/mwessendorf
> > > > >
> > > > > > _______________________________________________
> > > > > > aerogear-dev mailing list
> > > > > > aerogear-dev at lists.jboss.org
> > > > > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > > > >
> > > > >
> > > > > --
> > > > >
> > > > > abstractj
> > > > > _______________________________________________
> > > > > aerogear-dev mailing list
> > > > > aerogear-dev at lists.jboss.org
> > > > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Matthias Wessendorf
> > > >
> > > > blog: http://matthiaswessendorf.wordpress.com/
> > > > sessions: http://www.slideshare.net/mwessendorf
> > > > twitter: http://twitter.com/mwessendorf
> > >
> > > > _______________________________________________
> > > > aerogear-dev mailing list
> > > > aerogear-dev at lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > >
> > >
> > > --
> > >
> > > abstractj
> > > _______________________________________________
> > > aerogear-dev mailing list
> > > aerogear-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > >
> >
> >
> >
> > --
> > Matthias Wessendorf
> >
> > blog: http://matthiaswessendorf.wordpress.com/
> > sessions: http://www.slideshare.net/mwessendorf
> > twitter: http://twitter.com/mwessendorf
>
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> --
>
> abstractj
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20140525/dc7c7cd3/attachment-0001.html 


More information about the aerogear-dev mailing list