Skip to content

Architecture: Security

Rich Turner edited this page May 20, 2021 · 1 revision


User Guide


Manager UI

Assets & Attributes


Disabled Protocols

Manager APIs

Rules & forecasting

Identity & Security

Gateways & Devices


Developer Guide


Clone this wiki locally

Realm clients

For each realm created within the Manager (via UI, provisioning code or REST API) a client called openremote is automatically created and all the roles defined in ClientRole are automatically added to this client.

Service users

Service users are actually implemented using Keycloak clients with Service account enabled, this creates an 'invisibleuser account with a username in the formatservice-account-${clientId}` (invisible because they don't show in the user list in the Keycloak admin console). The client that is generated when a service user is created will also have the all the roles defined in ClientRole added to this client.