[keycloak-dev] Default roles for realms and applications
Stian Thorgersen
stian at redhat.com
Fri Oct 11 05:24:23 EDT 2013
It's the same problem with groups though. You'd need to have default group(s) for realms and applications. When you add a new application existing users would have to be added to the default group for the new application.
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Friday, 11 October, 2013 1:22:43 AM
> Subject: Re: [keycloak-dev] Default roles for realms and applications
>
> Implementing Groups would solve this issue. Then you can modify the
> group and not worry about old users.
>
> On 10/10/2013 10:51 AM, Stian Thorgersen wrote:
> > At the moment we only have support for default roles for realms and I was
> > planning to add the same for applications.
> >
> > Currently when a new user registers the list of default roles for the realm
> > is added. This means that if you create the default roles for the realm,
> > roles for old users won't automatically reflect the changes. When adding
> > default roles for applications the problem becomes even worse as now
> > applications themselves can be added/remove after a user has been added.
> >
> > As I see it we have two options:
> >
> > 1. Try to keep the default roles for realms and applications in sync with
> > the roles for users
> > 2. Add the default roles for realms and applications to tokens directly
> >
> > To me option 2 seems the simplest/best
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list