[keycloak-user] Where to define Roles?
Pedro Igor Silva
psilva at redhat.com
Tue Apr 2 15:33:53 EDT 2019
Hi Ryan,
It really depends on your use case. You could potentially have a mix of all
three alternatives.
Regards.
Pedro Igor
On Tue, Apr 2, 2019 at 3:41 PM Ryan Slominski <ryans at jlab.org> wrote:
> Any thoughts on where to define roles. It seems there may be three
> choices:
>
>
> 1. Define Roles in the user storage provider. I believe Red Hat
> Identity Manager (LDAP) supports this for example. Then I believe Keycloak
> can be configured to load the roles
> 2. Define Roles directly in Keycloak (possibly defined based on groups
> synced from LDAP)
> 3. Define Roles in client applications (possibly defined based on
> groups queried from Keycloak). I believe Wildly client adapter "Elytron"
> subsystem might support this? Not sure. Custom clients certainly could
> query Keycloak for groups and then define their own roles.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list