[keycloak-dev] new client type: "server"

Bill Burke bburke at redhat.com
Mon Jan 27 12:08:54 EST 2014


Stan's work on the Wildfly subsystem got me thinking about how we might 
want to reorganize keycloak.  Since multiple applications may often be 
deployed on the same server, what if we split the notion of Application 
and client?  Application would be a place to define application roles 
and application scope only.  A server can be associated with multiple 
applications.

For config/bootstrapping, the user would specify a server in the admin 
console and set up trust between the two.  Then the user could import 
deployments from a server and associate them with a realm and even 
download the roles of each of these deployments and create 
Applications from them.  For OAuth tokens, the server would specify the 
server's client_id as well as a scope.  The scope would be the 
Application the server is asking a token for.

So, a server would have:

* a client_id
* credentials
* admin URL
* be associated with one or more Applications

Application would have:

* roles
* valid redirect urls  (which are associated with a server)
* scope
* sessions (view who's logged in where into what server)

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
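
The proposed split, sketched as an added example (not part of the original message and not Keycloak code): a server authenticates with its own client_id and names an Application as the scope, and the request is accepted only if that server is associated with the Application and the redirect URL is registered for it. All class, function and sample names are hypothetical.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class Application:
    name: str                       # also the OAuth scope value a server asks for
    roles: set = field(default_factory=set)
    redirect_urls: dict = field(default_factory=dict)  # server client_id -> URLs

@dataclass
class Server:
    client_id: str
    secret: str                     # constructed credential
    admin_url: str
    applications: set = field(default_factory=set)

class Denied(Exception):
    pass

def check_token_request(servers, apps, client_id, secret, scope, redirect_uri):
    """Hypothetical check: return what a token would be bound to, or raise Denied."""
    server = servers.get(client_id)
    expected = server.secret if server else ""
    # Constant-time comparison, performed even when the client_id is unknown.
    ok = hmac.compare_digest(expected.encode(), secret.encode())
    if server is None or not ok:
        raise Denied("unknown server or bad credentials")
    app = apps.get(scope)
    if app is None or scope not in server.applications:
        raise Denied("server is not associated with this application")
    # Exact match against URLs registered for this server; no prefix matching.
    if redirect_uri not in app.redirect_urls.get(client_id, set()):
        raise Denied("redirect URL not registered for this server")
    return {"client_id": client_id, "application": app.name,
            "roles": sorted(app.roles)}

# Constructed sample data: server-1 hosts two deployments, server-2 hosts one.
APPS = {
    "portal": Application("portal", {"user", "admin"},
                          {"server-1": {"https://srv1.example.com/portal/cb"}}),
    "reports": Application("reports", {"viewer"},
                           {"server-1": {"https://srv1.example.com/reports/cb"}}),
    "billing": Application("billing", {"clerk"},
                           {"server-2": {"https://srv2.example.com/billing/cb"}}),
}
SERVERS = {
    "server-1": Server("server-1", "s3cret-1", "https://srv1.example.com/admin",
                       {"portal", "reports"}),
    "server-2": Server("server-2", "s3cret-2", "https://srv2.example.com/admin",
                       {"billing"}),
}
```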