[keycloak-dev] Remove realm json at "/auth/realms/<realm name>"

Stian Thorgersen sthorger at redhat.com
Wed Aug 16 02:55:26 EDT 2017


Why split it into multiple subsystems? Are you only talking about the
ability to enable/disable? If so that can easily be added through the
profile feature like we do for authorization services. That's probably 2
min work.

The ability to expose admin endpoints on a different address/port would be
great.

On 15 August 2017 at 19:18, Bill Burke <bburke at redhat.com> wrote:

> The idea of that URL is to expose public information about the realm,
> i.e. public cert/key and public endpoint urls.  If this information is
> not being used and we have other mechanisms in place, then yeah, remove it.
>
> IMO, the jira you reference is unrelated.  Its about shutting down the
> admin console/API.  As far as that goes, it would be cool to split up
> keycloak into separate subsystems:
>
> * backend (required)
> * admin api/console
> * account service
> * authentication/brokering/token endpoints
>
> Even have the admin api/console be exposed from a different bind
> address/port.
>
> On 8/15/17 8:00 AM, Stian Thorgersen wrote:
> > I propose we remove the realm json returned at "/auth/realms/<realm
> name>"
> > and just return an empty page
> >
> > * It can end-up being visible to end-users - we should rather have a
> realm
> > welcome page / SSO landing page here
> > * It's not used by anything AFAIK
> > * From time to time people complain about it (
> > https://issues.jboss.org/browse/KEYCLOAK-5279 for instance, there's more
> > similar issues reported)
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>


More information about the keycloak-dev mailing list