[keycloak-dev] creating a realm UI

Bill Burke bburke at redhat.com
Wed Sep 4 07:48:46 EDT 2013



On 9/4/2013 5:27 AM, Marek Posolda wrote:
> On 3.9.2013 16:10, Bill Burke wrote:
>> I was thinking about this a little more.  What does an admin need to
>> create an initial social or SSO realm?  Minimally for 1st application?
>>
>> * Name of Realm
>> * Name of Application
>> * Credentials for Application (password)
>> * Enable Social
>> * Enable Registration
>>
>> So, initial page could be:
>>
>> New Realm Name: xxxxxxx
>> Social X Registration X
> There are many more options for a realm, would those be accessible during
> registration as well?

They would be accessible after the initial steps.  The idea is to be 
able to get to a working prototype as fast as possible.

> It seems that we will also need something to
> handle upload of public/private keys for particular realm to use that
> realm?

Keycloak server can generate the key pair in most cases.  We can add the 
ability to set the pair later if asked for by users.

> I wonder if it's a good idea to initialize it from a Keystore file,
> which could be possibly uploaded through UI, but admin would need to
> specify key alias/keystore password and key password in this case...
>

That could be an option, but again, I think it's simpler for the user if
the Keycloak server generates the key pair.

> For social registration, it seems that we will need to specify which
> social providers will be available for each realm (For example Realm X
> will allow to register users through Facebook or Twitter, Realm Y will
> allow users to register users through Google etc.)

Why would we have this option?  Why would users want google/fb, but not 
twitter/yahoo?

> It seems that we will
> also need that each realm will have different combinations for
> consumerKey/consumerSecret for particular providers (actually it's
> shared and consumerKey/consumerSecret are initialized from system
> properties). Not sure if we want to allow all those settings to be part
> of Realm registration page or later during realm editing?
>

We talked before about having a global keycloak account for the SaaS
service so that initial users would have less setup.  This of course
could be overridden.

But....

We also discussed *NOT* having a SaaS service, but instead providing an
OpenShift cartridge that could be installed.  I don't think it is
possible to automate account creation on these social sites.  Do you?


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

