Replies: 3 comments 1 reply
-
|
I don't see necessarily see this as an alternative to #13598, I rather see it as a minimum implementation of the ideas discussed there. |
Beta Was this translation helpful? Give feedback.
-
|
Note that we're actively working on being able to register custom tabs and other navigational elements in the Admin Console through Java SPIs. @edewit has done some work for this under #23772, which will likely carry over into the Account Console eventually as we unify the customization code. |
Beta Was this translation helpful? Give feedback.
-
|
@jbman how about that we introduce another tab type so that you can register a tab anywhere in the console, but instead of configuring the fields you want to have there we put a iframe there and you specify the address? |
Beta Was this translation helpful? Give feedback.
-
|
Iframe based integration would also be an option if the extension application is hosted at the same domain (e.g. an own account console theme). However the integrated page then needs to have the look and controls somewhat aligned and also navigating away needs to prevented there. I think that a link with context data is the most basic integration where both applications don't need to much effort and the admin user still can easily find an additional feature (at realm-, user-, group- or role level) |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
The Account console is currently missing a way to extend it e.g. for configuration of Keycloak extensions or for additional features related to Keycloak entities.
In other discussions like #13598 it is requested to enhance the console with custom tabs. This idea is about a more lightweight integration of custom UIs, so that an admin can just navigate to an add-on application. Context data (e.g. Keyclaok realm) is provided to the add-on application with URL parameters.
Each navigation link opens an add-on web-application which runs alongside the Keycloak instance. It can be implemented with any UI framework or stack of choice. It could also be a fork of the account console. That's how we currently provide some screens admin users.
The add-on application itself needs to authenticate the user against Keycloak and may use the access token to call custom Keycloak extension endpoints.
Example
At the realm level, add-on UIs would be listed at a tab "Add-ons".
The admin can navigate to an add-on (e.g. "Create reports"):
From the add-on it should be possible to go back to the admin console.
Add-ons at different Keycloak entities
The navigation links could be related to different Keycloak entities, e.g. users, so that an admin could open an add-on which has the Keycloak User ID availble as context.
Example:
Add-ons could be supported for realms, users, groups and roles.
SPI for Add-ons
The SPI implementation should be able to provide
An implementation helper class or default implementation can resolve a localized link name based on Keycloak realm localization and provide the context with a pre-defined URL parameter (e.g. "realmId=5c40486e-00c7-4837-b9a3-9df727676724").
The SPI implementation could load and pass any Keycloak data via URL parameter (e.g. user ID, user email, firstname and lastname). This is useful if the add-on doesn't load data from Keycloak but just uses the URL parameters (e.g. for sending an email to a user).
The add-on application should provide a link back to the account console, which is passed as additional URL parameter.
Feedback
What do you think of such an extension mechanism?
Do you have other example use cases where you would use such an integration?
Does it miss anything other, than the direct integration of a screen in the Admin Console?
Beta Was this translation helpful? Give feedback.
All reactions