[keycloak-user] Keycloak to set up Teams and Organizations

Bill Burke bburke at redhat.com
Wed Oct 14 11:35:38 EDT 2015


That's just not how keycloak was designed.

Realms contain users, applications/clients, roles, groups etc.  Realms 
were meant to be completely isolated from one another.

On 10/14/2015 10:53 AM, Tim Dudgeon wrote:
> The use case for me is to use multiple realms for authentication (e.g.
> one realm for each organisation) that can access a single application
> using a common set of roles.
> It's sort of discussed from a different perspective on the apiman list here:
> http://lists.jboss.org/pipermail/apiman-user/2015-October/000361.html
>
> Tim
>
> On 14/10/2015 15:34, Bill Burke wrote:
>> No, we are not creating "global" groups and roles. Use case please?
>> We're trying to keep realms isolated from one another.
>>
>> On 10/14/2015 7:29 AM, Tim Dudgeon wrote:
>>> The scope of this is presumably groups within an individual realm?
>>> Is there any possibility for "global" groups and roles that can span
>>> multiple realms?
>>>
>>> Tim
>>>
>>> On 13/10/2015 17:18, Bill Burke wrote:
>>>> You just want something like github groups?  List your requirements.
>>>>
>>>> I am starting on Groups next week after 1.6 goes out.
>>>>
>>>> On 10/13/2015 9:11 AM, Subhrajyoti Moitra wrote:
>>>>> Thanks Stian for the update. Any more details about this group feature,
>>>>> if you can please share?
>>>>> We are using composite roles currently to manage "business groups".
>>>>> Since the group definitions are fixed and mutually exclusive, we are
>>>>> able to manage it with composite roles.
>>>>>
>>>>> Regards,
>>>>> Subhro.
>>>>>
>>>>> On Tue, Oct 13, 2015 at 4:39 PM, Stian Thorgersen <sthorger at redhat.com
>>>>> <mailto:sthorger at redhat.com>> wrote:
>>>>>
>>>>>         We are also planning on introducing groups soon. Users will be able
>>>>>         to belong to one or more groups and a group can have roles and/or
>>>>>         attributes associated with it.
>>>>>
>>>>>         On 13 October 2015 at 12:58, Subhrajyoti Moitra
>>>>>         <subhrajyotim at gmail.com <mailto:subhrajyotim at gmail.com>> wrote:
>>>>>
>>>>>             I think you can investigate composite-roles for the same.
>>>>>             http://keycloak.github.io/docs/userguide/html/roles.html#d4e2207
>>>>>
>>>>>             The composite-roles can be client specific roles representing
>>>>>             your organizations, and keycloak roles can be the actual
>>>>>             "business roles" under these composite roles.
>>>>>
>>>>>             HTH.
>>>>>             Subhro.
>>>>>
>>>>>             On Tue, Oct 13, 2015 at 4:13 PM, Kunal K <kunal at plivo.com
>>>>>             <mailto:kunal at plivo.com>> wrote:
>>>>>
>>>>>                 Hi all,
>>>>>
>>>>>                 I am setting up an SSO server and I'm evaluating both CAS
>>>>>                 and Keycloak. One of my main requirements is letting users
>>>>>                 have multiple teams and be a part of multiple organizations.
>>>>>                 I'm trying to wrap my head around how to do this in
>>>>>                 Keycloak. Something on the lines of what Github does -
>>>>>                 https://github.com/blog/674-introducing-organizations As an
>>>>>                 evaluation process, I've already created a POC using CAS.
>>>>>
>>>>>                 I would really appreciate any pointers on how to do this
>>>>>                 with Keycloak.
>>>>>
>>>>>                 Best,
>>>>>
>>>>>                 Kunal
>>>>>
>>>>>
>>>>>                 --
>>>>>                 *KUNAL KERKAR *| PRODUCT ENGINEER
>>>>>                 Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
>>>>>                 Web: www.plivo.com <http://www.plivo.com/> | Twitter: @plivo
>>>>>                 <http://twitter.com/plivo>, @tsudot <http://twitter.com/tsudot>
>>>>>
>>>>>
>>>>>                 _______________________________________________
>>>>>                 keycloak-user mailing list
>>>>>                 keycloak-user at lists.jboss.org
>>>>>                 <mailto:keycloak-user at lists.jboss.org>
>>>>>                 https://lists.jboss.org/mailman/listinfo/keycloak-user

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
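
Added example, not part of the original thread and not Keycloak code: a small model of the composite-role approach discussed above, with roles resolved per realm so that nothing is shared across realms. The realm, role and user names are constructed for illustration.

```python
# Constructed model only; it does not call or reproduce any Keycloak API.
from dataclasses import dataclass, field


@dataclass
class Realm:
    name: str
    composites: dict = field(default_factory=dict)   # role -> set of child roles
    assignments: dict = field(default_factory=dict)  # user -> directly granted roles

    def effective_roles(self, user):
        """Expand a user's direct roles through composite roles, transitively."""
        seen = set()
        stack = list(self.assignments.get(user, ()))
        while stack:
            role = stack.pop()
            if role in seen:  # also protects against composite cycles
                continue
            seen.add(role)
            stack.extend(self.composites.get(role, ()))
        return seen


def build_example():
    # "org-*" composite roles stand in for organisations / business groups;
    # the plain roles underneath are the actual business roles.
    acme = Realm("acme")
    acme.composites = {
        "org-sales": {"view-orders", "edit-orders"},
        "org-support": {"view-orders", "view-tickets"},
        "org-managers": {"org-sales", "org-support"},  # composite of composites
    }
    acme.assignments = {"alice": {"org-sales"}, "bob": {"org-managers"}}

    # A second realm has its own users and roles. Reusing the names "alice"
    # and "org-sales" shares nothing with the first realm.
    globex = Realm("globex")
    globex.composites = {"org-sales": {"view-orders"}}
    globex.assignments = {"alice": {"org-sales"}}
    return acme, globex


if __name__ == "__main__":
    for realm in build_example():
        for user in sorted(realm.assignments):
            print(realm.name, user, sorted(realm.effective_roles(user)))
```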