[keycloak-dev] simplifying client creation

Bill Burke bburke at redhat.com
Mon Dec 21 10:31:52 EST 2015


The last phase of client templates would be to allow defining 
configuration items in the client template that the client inherits.  I 
was going to implement it as an either/or.  There will be a switch 
"Inherit Template Configuration".  If this is off, then config items are 
taken from the client, otherwise they are taken from the template. 
There would be no mix and match.

FYI, I'm not sure I'll be able to finish this prior to our deadline of 
early January.  There's still a lot of JIRAs to do beyond this.

This week though, I think I want to rework and simplify client creation 
a bit more.  Create client on the admin console would only require the most 
needed config attributes:

OIDC:
Client ID
Root URL
Choose Client Template if wanted

These would be the defaults:
* Access type: public (pretty much covers any use)
* enabled true
* Redirect URIs would default to Root/*
* Standard Flow true
* Direct Grants false
* Service Accounts false

SAML:
Client Entity ID:
SAML SP Endpoint (not required, can make it more fine grained)
Choose client template if wanted

* Sign Docs: true
* Sign Assertions: false
* Client Signature Required: true
* Force POST Binding: true
* Front Channel logout: true
* Force Name ID Format: false
* Name ID Format username
* Valid Redirect URIs renamed to Valid Assertion Consumer Service URIs
* certs would be generated by default

I'm also going to add a method to LoginProtocolFactory:

setupDefaults(ClientModel).  When a client is created, this method would 
be called, then the defaults would be overridden if they are set in the 
ClientRepresentation.  Right now, all this default logic is in the admin 
console and I don't think it should be there.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
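
The defaults-then-override order proposed for setupDefaults(ClientModel), sketched as an added example that is not part of the original message and is not Keycloak code. `Client` and `ClientRep` are hypothetical stand-ins for ClientModel and ClientRepresentation; treating a null field as "not set" and stripping a trailing slash from the root URL are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
public class ClientDefaultsDemo {
    // Hypothetical stand-in for ClientModel (the stored client).
    static class Client {
        String clientId, rootUrl;
        boolean enabled, publicClient, standardFlow, directGrants, serviceAccounts;
        List<String> redirectUris = new ArrayList<>();
    }
    // Hypothetical stand-in for ClientRepresentation; null means "not set by the caller".
    static class ClientRep {
        String clientId, rootUrl;
        Boolean enabled, publicClient, standardFlow, directGrants, serviceAccounts;
        List<String> redirectUris;
    }
    // OIDC defaults as listed in the message above (access type public, flows, Root/*).
    static void setupDefaults(Client c) {
        c.enabled = c.publicClient = c.standardFlow = true;
        c.directGrants = c.serviceAccounts = false;
        if (c.rootUrl != null) {
            // Assumption: strip one trailing slash so the default is Root/* and not Root//*.
            String root = c.rootUrl.endsWith("/")
                    ? c.rootUrl.substring(0, c.rootUrl.length() - 1) : c.rootUrl;
            c.redirectUris.add(root + "/*");
        }
    }
    // Server-side creation: defaults first, then only explicitly set fields override them.
    static Client create(ClientRep rep) {
        Client c = new Client();
        c.clientId = rep.clientId;
        c.rootUrl = rep.rootUrl;
        setupDefaults(c);
        if (rep.enabled != null) c.enabled = rep.enabled;
        if (rep.publicClient != null) c.publicClient = rep.publicClient;
        if (rep.standardFlow != null) c.standardFlow = rep.standardFlow;
        if (rep.directGrants != null) c.directGrants = rep.directGrants;
        if (rep.serviceAccounts != null) c.serviceAccounts = rep.serviceAccounts;
        if (rep.redirectUris != null) c.redirectUris = new ArrayList<>(rep.redirectUris);
        return c;
    }
    public static void main(String[] args) {
        ClientRep rep = new ClientRep();              // constructed sample input
        rep.clientId = "demo-app";
        rep.rootUrl = "https://app.example.test/";
        Client minimal = create(rep);                 // nothing set: the Root/* wildcard applies
        rep.redirectUris = List.of("https://app.example.test/callback");
        Client pinned = create(rep);                  // explicit list replaces the wildcard
        System.out.println(minimal.redirectUris + " directGrants=" + minimal.directGrants);
        System.out.println(pinned.redirectUris + " directGrants=" + pinned.directGrants);
    }
}
```

With the logic on the server, a client created through any path gets the same baseline, and an exact redirect URI supplied in the representation replaces the wildcard default rather than being added alongside it.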

