ging / fiware-idm

OAuth 2.0-based authentication of users and devices, user profile management, Single Sign-On (SSO) and Identity Federation across multiple administration domains.
https://keyrock-fiware.github.io
MIT License

Too easy to disable admin in Keyrock IDM interface #261

Open tazchalmers opened 2 years ago

tazchalmers commented 2 years ago

In testing, I accidentally managed to disable my admin rights when logged in as the only admin in the system in the Keyrock IDM interface.

All I needed to do was:

1. In the application, click on Authorize
2. Click on the role list next to the admin user and deselect Purchase and Provider
3. Save

I recovered by manually adding the relevant back into the role_assignment table:

MariaDB [idm]> insert into role_assignment (oauth_client_id, role_id, user_id) values ("[from user_authorized_application]", "provider", "admin");

I also did this, which I don't believe was strictly necessary:

MariaDB [idm]> insert into role_assignment (oauth_client_id, role_id, user_id) values ("[from user_authorized_application]", "purchaser", "admin");

I don't feel it should be this easy to do this. Could this be handled somehow so it isn't possible to disable yourself as an admin when logged in as the only admin in the system, and/or have the usual annoying (but useful here) "Are you really really sure you want to do this?" notification?
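The safeguard requested above, as an added example that is not Keyrock's own code: a guard over a constructed snapshot of the role_assignment table (same three columns the issue names) that refuses a role update leaving an application with no provider, and flags self-demotion so the UI can ask for confirmation. The application id "app-1", user "alice" and the function names are assumptions.

```javascript
// Added example, not part of fiware-idm. Models the lockout from the issue:
// the only holder of the "provider" role on an application deselects it and saves.
const PROVIDER_ROLE = 'provider';

// Constructed rows mirroring role_assignment (oauth_client_id, role_id, user_id).
const roleAssignments = [
  { oauth_client_id: 'app-1', role_id: 'provider',  user_id: 'admin' },
  { oauth_client_id: 'app-1', role_id: 'purchaser', user_id: 'admin' },
  { oauth_client_id: 'app-1', role_id: 'purchaser', user_id: 'alice' },
];

// Users currently holding roleId on appId.
function holdersOf(rows, appId, roleId) {
  return new Set(rows
    .filter(r => r.oauth_client_id === appId && r.role_id === roleId)
    .map(r => r.user_id));
}

// Validate replacing userId's roles on appId with newRoleIds (the "role list + Save" action).
// Returns { ok: false, reason } when the update would remove the last provider,
// otherwise { ok: true, confirm } where confirm is set when a user demotes themselves.
function checkRoleUpdate(rows, appId, userId, newRoleIds, actingUserId) {
  const providers = holdersOf(rows, appId, PROVIDER_ROLE);
  const dropsProvider = providers.has(userId) && !newRoleIds.includes(PROVIDER_ROLE);
  if (dropsProvider && providers.size === 1) {
    return { ok: false, reason: `${userId} is the only ${PROVIDER_ROLE} on ${appId}; refusing update` };
  }
  return { ok: true, confirm: dropsProvider && userId === actingUserId };
}

// Apply the update only if the guard allows it; returns the new row set, never mutates input.
function applyRoleUpdate(rows, appId, userId, newRoleIds, actingUserId) {
  const verdict = checkRoleUpdate(rows, appId, userId, newRoleIds, actingUserId);
  if (!verdict.ok) throw new Error(verdict.reason);
  const others = rows.filter(r => !(r.oauth_client_id === appId && r.user_id === userId));
  const mine = newRoleIds.map(role_id => ({ oauth_client_id: appId, role_id, user_id: userId }));
  return others.concat(mine);
}
```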