[keycloak-dev] composite roles in

Bill Burke bburke at redhat.com
Wed Feb 5 08:24:24 EST 2014 


On 2/5/2014 6:57 AM, Stian Thorgersen wrote:
> Instead of allowing multiple default roles should we not have a single initial role on a realm? This means we can remove the default roles page, and instead have a simple select list on the realm settings page.
>

I'd also like to consolidate default roles into one place on Realm Settings.

Implementation wise, default roles wouldn't be a composite as I don't 
want it showing up in role listings, or having to put in special logic 
not to show it.

> We could also have both a initial role and a default role associated with a realm. The initial role is provided to users when they register or are created through admin console, while the default role is always granted to all users.
>

I don't agree you need two different types here.  What we really need is 
the ability to apply bulk changes to users.

> When listing and selecting roles it would be good if there was some indication if it's a composite role or a simple role.
>

Ok, i'll add that.

> Editing the roles is a bit confusing as the "Composite Realm Roles" and "Composite Application Roles" sections are always shown. It was more clear when there was a "composite" on/off toggle.

Having a toggle at the Representation and data model was annoying, 
specifically having to specify composite: true in the json import file. 
  I forgot it twice when writing the tests :)

So, i'll add the on/off toggle just to show/hide the composite field sets.

> Also, can we have composite app roles? If so can a composite app role consist of roles for other apps and realm?
>

Apps or realms can have composite roles.  These composites can be made 
up of any realm or app role.  Does the app-role screen not allow 
composites, not work?

Can't do cross-realm composites.

> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Tuesday, 4 February, 2014 11:46:04 PM
>> Subject: [keycloak-dev] composite roles in
>>
>> I still need to do a screencast (and eventually do some documentation).
>>    I'm waiting on that as I want to see how our UI might change for the
>> next release.  I had to change a bit in the import realm json
>> representation to support composites.
>>
>> I'm going to take a look at Stan's Wildfly subsystem work next and see
>> if it can be improved at all, or if its ready to go.
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
> .
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

More information about the keycloak-dev mailing list