[keycloak-dev] relationship between application and realm
Bill Burke
bburke at redhat.com
Thu Sep 12 08:38:17 EDT 2013
I want to bring this up again because I feel strongly about it. Having
"Application" separate from "Realm" or a top-level-menu item is not a
good thing for many reasons. I'm talking about this idea of only
creating an Application for single apps through the admin UI and setting
up everything based only on the idea of an Application with no knowledge
of what a realm is.
* Realm is core to the implementation.
* Once you want to do SSO, you have to know what a realm is. This idea
of merging/exporting/importing an Application into a Realm seems just
very complex to me. I'm of the strong opinion that it's just not a great
idea because SSO (and Single Log Out) is one of our key features.
* You're not creating an application within Keycloak, you're securing an
application. A Realm really pertains to the auth-server. Application
pertains to the
* JBoss, Tomcat, and Jetty, really most Java developers already know
what a Realm is. Even Basic Auth has the concept of a Realm. Realm is
just such a core concept to security.
* Removing the concept of a Realm for a single-app domain doesn't
really simplify much for the user. All we're really asking the user to
do is specify a name for the realm and configure providers and manage
users at the realm level.
* Having a noticeably different UI for a one-off-app vs. a multi-app
realm is just confusing to the user. It creates more work for us, for
very little gain.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com