[keycloak-dev] management problems

Stian Thorgersen stian at redhat.com
Thu May 1 11:41:30 EDT 2014



----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Thursday, 1 May, 2014 4:37:39 PM
> Subject: Re: [keycloak-dev] management problems
> 
> 
> 
> On 5/1/2014 11:24 AM, Stian Thorgersen wrote:
> >
> >
> > ----- Original Message -----
> >> From: "Bill Burke" <bburke at redhat.com>
> >> To: "Stian Thorgersen" <stian at redhat.com>
> >> Cc: keycloak-dev at lists.jboss.org
> >> Sent: Thursday, 1 May, 2014 4:19:26 PM
> >> Subject: Re: [keycloak-dev] management problems
> >>
> >>
> >>
> >> On 5/1/2014 10:16 AM, Stian Thorgersen wrote:
> >>>
> >>>
> >>> ----- Original Message -----
> >>>> From: "Bill Burke" <bburke at redhat.com>
> >>>> To: "Stian Thorgersen" <stian at redhat.com>
> >>>> Cc: keycloak-dev at lists.jboss.org
> >>>> Sent: Thursday, 1 May, 2014 3:11:48 PM
> >>>> Subject: Re: [keycloak-dev] management problems
> >>>>
> >>>>
> >>>>
> >>>> On 5/1/2014 9:30 AM, Stian Thorgersen wrote:
> >>>>> I'm wondering about what issues there are with having a single shared
> >>>>> admin
> >>>>> realm though. That seems the optional solution to me.
> >>>>>
> >>>>
> >>>> Isn't the issue multi-tenancy?
> >>>
> >>> We can grant admin users access to manage only specific realms though?
> >>>
> >>> Or are you thinking multi-tenancy for AeroGear?
> >>
> >> What I mean is that you want to manage Aerogear in a realm on a server
> >> that is multi-tenant (1 server managing multiple realms).  Can't really
> >> have a single shared admin realm in that case.
> >
> > I'm still not following :/
> >
> > Can you spoon-feed me an example?
> >
> 
> Aerogear UPS admin needs to:
> 
> * manage users
> * manage role mappings
> * manage oauth clients
> * Manage aerogear specific things
> 
> You want to have one login to do all those things.  This means there
> needs to be one realm to do all these things.  You could re-use the
> "keycloak-admin" realm, but re-using the "keycloak-admin" realm doesn't
> work if you're dealing with a Keycloak deployment that is managing
> multiple realms.  A.K.A.  Multi-tenancy.

The part I'm not understanding is why it doesn't work with a Keycloak deployment with multiple realms?

> 
> 
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 

