Architecture: Security
Rich Turner edited this page May 20, 2021
·
1 revision
Home
User Guide
Deploying
Manager UI
Assets & Attributes
Agents/Protocols
- Overview
- Bluetooth Mesh
- HTTP
- KNX
- LoRa
- MQTT
- Simulator
- SNMP
- Serial
- TCP
- UDP
- Velbus
- Websocket
- Z-Wave
- Partner Integrations
Disabled Protocols
Manager APIs
Rules & forecasting
Identity & Security
Gateways & Devices
- OpenRemote as Edge Gateway
- Auto provisioning devices and users
- Connect ESP32 or ESP8266 using MQTT
- Firmware updating with Hawkbit
- Partner Integrations
Tutorials
- Weather data using HTTP Agent
- Connect Your MQTT Client
- ChirpStack LoRaWAN Integration
- Celcius to Fahrenheit with Flow
- Configure mobile app behaviour
- Simulating data in attribute
- Create an Energy Management System
Developer Guide
- Preparing the environment
- Installing and using Docker
- Setting up an IDE
- Building and testing
- Working on UI and apps
- Working on maps
- Docker compose profiles
- Creating a custom project
- Maintaining an installation
- Adding Widgets on Insights
- Working on the mobile consoles
- Connecting Protocol adaptors with Agents
- Edge device firmware updating
- Licensing guidelines for contributors
- Useful commands and queries
- Data migration
Architecture
Clone this wiki locally
Realm clients
For each realm created within the Manager (via UI, provisioning code or REST API) a client called openremote is automatically created and all the roles defined in ClientRole are automatically added to this client.
Service users
Service users are actually implemented using Keycloak clients with Service account enabled, this creates an 'invisibleuser account with a username in the formatservice-account-${clientId}` (invisible because they don't show in the user list in the Keycloak admin console). The client that is generated when a service user is created will also have the all the roles defined in ClientRole added to this client.