[keycloak-dev] new client type: "server"

Stian Thorgersen stian at redhat.com
Thu Jan 30 05:20:55 EST 2014 

I think it's a good idea to split the notion of client and application/service. Not sure I quite understand exactly what you are proposing would look like though.

We should gather requirements around "re-structuring" the model, and try to cover all basis. Some things to consider:

* WildFly (JavaEE deployments specifically) - how to best integrate with WildFly and JavaEE deployments
* non-JavaEE containers - can we provide a similar experience on non-JavaEE containers (LiveOak, Vert.x, etc.)
* Client types - service, html5, mobile, desktop
* Devices - phones, browsers, servers, computers
* Applications - resources that are accessed, so they don't need credentials. They don't have redirect uris, these should be associated with a client I think

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Monday, 27 January, 2014 5:08:54 PM
> Subject: [keycloak-dev] new client type:  "server"
> 
> Stan's work on the Wildfly subsystem got me thinking about how we might
> want to reorganize keycloak.  Since multiple applications may often be
> deployed on the same server, what if we split the notion of Application
> and client?  Application would be a place to define application roles
> and application scope only.  A server can be associated with multiple
> applications.
> 
> For config/bootstrapping, the user would specify a server in the admin
> console and set up trust between the two.  Then the user could import
> deployments from a server and associate them with a realm and even
> download the the roles of each of these deployments and create
> Applications from them.  For OAuth tokens, server would specify the
> server's client_id as well as a scope.  The scope would be the
> Application the server is asking a token for.
> 
> So, a server would have:
> 
> * a client_id
> * credentials
> * admin URL
> * be associated with one or more Applications
> 
> Application would have:
> * roles
> * valid redirect urls  (which are associated with a server)
> * scope
> * sessions (view who's logged in where into what server)
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>

More information about the keycloak-dev mailing list