[keycloak-dev] composite roles in

Bill Burke bburke at redhat.com
Wed Feb 5 08:24:24 EST 2014

On 2/5/2014 6:57 AM, Stian Thorgersen wrote:
> Instead of allowing multiple default roles should we not have a single initial role on a realm? This means we can remove the default roles page, and instead have a simple select list on the realm settings page.

I'd also like to consolidate default roles into one place on Realm Settings.

Implementation wise, default roles wouldn't be a composite as I don't 
want it showing up in role listings, or having to put in special logic 
not to show it.

> We could also have both a initial role and a default role associated with a realm. The initial role is provided to users when they register or are created through admin console, while the default role is always granted to all users.

I don't agree you need two different types here.  What we really need is 
the ability to apply bulk changes to users.

> When listing and selecting roles it would be good if there was some indication if it's a composite role or a simple role.

Ok, i'll add that.

> Editing the roles is a bit confusing as the "Composite Realm Roles" and "Composite Application Roles" sections are always shown. It was more clear when there was a "composite" on/off toggle.

Having a toggle at the Representation and data model was annoying, 
specifically having to specify composite: true in the json import file. 
  I forgot it twice when writing the tests :)

So, i'll add the on/off toggle just to show/hide the composite field sets.

> Also, can we have composite app roles? If so can a composite app role consist of roles for other apps and realm?

Apps or realms can have composite roles.  These composites can be made 
up of any realm or app role.  Does the app-role screen not allow 
composites, not work?

Can't do cross-realm composites.

> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Tuesday, 4 February, 2014 11:46:04 PM
>> Subject: [keycloak-dev] composite roles in
>> I still need to do a screencast (and eventually do some documentation).
>>    I'm waiting on that as I want to see how our UI might change for the
>> next release.  I had to change a bit in the import realm json
>> representation to support composites.
>> I'm going to take a look at Stan's Wildfly subsystem work next and see
>> if it can be improved at all, or if its ready to go.
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> .

Bill Burke
JBoss, a division of Red Hat

More information about the keycloak-dev mailing list