[keycloak-dev] using the same master client to manage multiple realms

Gideon Caranzo gideonray at gmail.com
Fri Oct 19 16:52:57 EDT 2018


Hi All,

I'd like to propose a feature wherein you can assign the same master client
to manage multiple realms.

Right now we are using composite roles for some API client credentials. The
issue we have is that if we need to assign or remove roles, we need to
update all realm clients. Also, if we add a new realm, we also need to update
our composite roles and assign roles needed for the realm client.

So basically, in our case, we just need one client since all the realm
clients will have exactly the same assigned roles.
This will also improve performance if you have a large number of realms since
you won't have a scenario wherein one composite role ends up loading all
roles for each realm client.

This can be implemented by having an option to specify the master client
when creating a realm. If a master client is specified, it will be created
or reused if it already exists.
Since this is only an option, the existing behavior will still be there
(create a master client for the realm).

I've created a proof of concept and got it working. I think this should be
feasible.

Let me know what you think. I'll be happy to submit a PR for this. Thanks.

Best regards,
Gideon

