[keycloak-dev] management problems
Bill Burke
bburke at redhat.com
Thu May 1 12:06:42 EDT 2014
Yes, as you would have to know to switch between realms. Defeats the
idea of Aerogear looking like one product.
On 5/1/2014 11:49 AM, Stian Thorgersen wrote:
> Is that really an issue?
>
> Users would just be admin users, there would be a separate realm for AeroGear users.
>
> And there'd probably be a single AeroGear console application, with a few associated roles.
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Thursday, 1 May, 2014 4:47:24 PM
>> Subject: Re: [keycloak-dev] management problems
>>
>>
>>
>> On 5/1/2014 11:41 AM, Stian Thorgersen wrote:
>>>
>>>
>>> ----- Original Message -----
>>>> From: "Bill Burke" <bburke at redhat.com>
>>>> To: "Stian Thorgersen" <stian at redhat.com>
>>>> Cc: keycloak-dev at lists.jboss.org
>>>> Sent: Thursday, 1 May, 2014 4:37:39 PM
>>>> Subject: Re: [keycloak-dev] management problems
>>>>
>>>>
>>>>
>>>> On 5/1/2014 11:24 AM, Stian Thorgersen wrote:
>>>>>
>>>>>
>>>>> ----- Original Message -----
>>>>>> From: "Bill Burke" <bburke at redhat.com>
>>>>>> To: "Stian Thorgersen" <stian at redhat.com>
>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>> Sent: Thursday, 1 May, 2014 4:19:26 PM
>>>>>> Subject: Re: [keycloak-dev] management problems
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 5/1/2014 10:16 AM, Stian Thorgersen wrote:
>>>>>>>
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>>> From: "Bill Burke" <bburke at redhat.com>
>>>>>>>> To: "Stian Thorgersen" <stian at redhat.com>
>>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>>> Sent: Thursday, 1 May, 2014 3:11:48 PM
>>>>>>>> Subject: Re: [keycloak-dev] management problems
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 5/1/2014 9:30 AM, Stian Thorgersen wrote:
>>>>>>>>> I'm wondering about what issues there are with having a single shared
>>>>>>>>> admin
>>>>>>>>> realm though. That seems the optional solution to me.
>>>>>>>>>
>>>>>>>>
>>>>>>>> Isn't the issue multi-tenancy?
>>>>>>>
>>>>>>> We can grant admin users access to manage only specific realms though?
>>>>>>>
>>>>>>> Or are you thinking multi-tenancy for AeroGear?
>>>>>>
>>>>>> What I mean is that you want to manage Aerogear in a realm on a server
>>>>>> that is multi-tenant (1 server managing multiple realms). Can't really
>>>>>> have a single shared admin realm in that case.
>>>>>
>>>>> I'm still not following :/
>>>>>
>>>>> Can you spoon-feed me an example?
>>>>>
>>>>
>>>> Aerogear UPS admin needs to:
>>>>
>>>> * manage users
>>>> * manage role mappings
>>>> * manage oauth clients
>>>> * Manage aerogear specific things
>>>>
>>>> You want to have one login to do all those things. This means there
>>>> needs to be one realm to do all these things. You could re-use the
>>>> "keycloak-admin" realm, but re-using the "keycloak-admin" realm doesn't
>>>> work if you're dealing with a Keycloak deployment that is managing
>>>> multiple realms. A.K.A. Multi-tenancy.
>>>
>>> The part I'm not understanding is why it doesn't work with a Keycloak
>>> deployment with multiple realms?
>>>
>>
>> Because you're polluting the "keycloak-admin" realm with Aerogear
>> specific things: users, roles, applications, etc.
>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list