[keycloak-dev] Realm users

Marek Posolda mposolda at redhat.com
Wed Sep 4 05:06:28 EDT 2013 

On 3.9.2013 20:39, Gabriel Cardoso wrote:
> Hi,
>
> after a hangout with Bill, we agreed to move forward in something less polemic than the application/realm creation, like the list of users.
>
> I've prototyped some mockups in Balsamic:
>
> Realm list of users: https://gatein.mybalsamiq.com/projects/keycloak/Realm%20list%20of%20users
It seems that some places in Keycloak are using "Name" (like 
https://gatein.mybalsamiq.com/projects/keycloak/Realm%20list%20of%20users ) 
some are using "Full name" (like 
http://ejsclient-cardosogabriel.rhcloud.com/saas-register.html and 
http://ejsclient-cardosogabriel.rhcloud.com/realm-register.html) and 
some places are using combination "First name/Last name" 
(https://gatein.mybalsamiq.com/projects/keycloak/Realm%20new%20user or 
https://gatein.mybalsamiq.com/projects/keycloak/Realm%20users%20search ).

How about be consistent and use just FirstName/LastName combination in 
all places? FullName is especially bad during registration as underlying 
model (class UserModel) is using combination of FirstName/LastName, 
which means that after registration, we must programatically parse 
fullName and try to obtain firstName/lastName from it (note that this is 
really not good as some languages are using 3 names, some others are 
using lastName before firstName etc...)
> Realm advanced search of users: https://gatein.mybalsamiq.com/projects/keycloak/Realm%20users%20search
Not sure what is difference between "search" and "advanced search" ? Is 
it that for "search" you can specify just one field and for "advanced 
search" you can specify more fields? I am asking because in the picture 
the "Bubble" is around "Search" but there is form for filling all 
fields, so it seems that it's more related to advanced search?
> Realm new user / edit user: https://gatein.mybalsamiq.com/projects/keycloak/Realm%20new%20user
I am not sure if I understand correctly 'By clicking it, the fields 
"Current password" and "New password" appear'. Does that mean that to 
change password administrator needs to know old password of user? I 
don't think that it is possible as in underlying backend model 
(Picketlink) are passwords saved hashed and salted, so administrator 
couldn't know the original password of user.

How about other credential types like TOTP?

Marek
>
> We basically agreed on:
> - Removing the users roles from the list view, since there can be a lot. Thus, to edit a user role, it is necessary to go to the user edition page.
> - Provide a basic search initially (searches in all fields) and an advanced search.
> - Present a different way to manage roles in the users page. A user can have multiple roles related to the realm and also to the different applications of the realm.
>
> What do you think?
> Gabriel
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list