[keycloak-dev] Restricting the scope of admin

Bill Burke bburke at redhat.com
Tue May 27 11:16:07 EDT 2014


Please check out the project here.  IMO, this is how you'll want to set 
up aerogear:

https://github.com/keycloak/keycloak/tree/master/project-integrations/aerogear-ups

With aerogear, IMO, you'll want to remove the admin user of the master 
realm.  We added a feature that you can have an admin user directly in 
your realm within the admin console.  Please read this:

https://github.com/keycloak/keycloak/tree/master/project-integrations/aerogear-ups 


The realm import enables an admin user with permissions to modify the 
aerogear realm.

https://github.com/keycloak/keycloak/blob/master/project-integrations/aerogear-ups/auth-server/src/main/webapp/WEB-INF/testrealm.json

On 5/27/2014 7:58 AM, Bruno Oliveira wrote:
> Good morning guys, following the requirements of Push server. We on
> AeroGear would like to restrict the scope of Admin.
>
> Following the integration samples here:
> https://github.com/keycloak/keycloak/blob/master/project-integrations/aerogear-ups/auth-server/src/main/java/org/aerogear/ups/security/UpsSecurityApplication.java#L32.
>
> The downside of removing the admin is that we can't manage our users anymore (correct me if I'm wrong).
> This is not a big deal if you add a new user or update the current admin with the appropriate
> permissions. The odd thing is: after login I'm immediately kicked out of KC
> admin, probably I'm doing something wrong for sure, but I couldn't figure
> out yet.
>
> This is the piece of code being tested:
> https://github.com/abstractj/aerogear-unifiedpush-server/commit/4814e75f1e5bfc31919bb51f00623a3948829861#diff-fb1187c03792f02a16e7bb8642ad6052R67
>
> And this is the log file:
> https://gist.github.com/abstractj/eb75d6210eb29394d139. It seems like
> everything goes well here:
> https://gist.github.com/abstractj/eb75d6210eb29394d139#file-log-txt-L5,
> but maybe I'm missing the mgmt configuration?
> https://gist.github.com/abstractj/eb75d6210eb29394d139#file-log-txt-L7
>
> Thanks in advance.
>
> --
>
> abstractj

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

