[keycloak-user] Group-Mapping

Simon Payne simonpayne58 at gmail.com
Tue Mar 27 04:43:55 EDT 2018


If standalone-ha.xml is changed then a restart is necessary.

Simon.




On Tue, Mar 27, 2018 at 6:27 AM, Lahari Guntha <lahari.guntha at tcs.com>
wrote:

> Hi,
>
>
> Do we need to reload the Keycloak server after changing the
> standalone.xml?
>
>
> Thanks & Regards,
>
> Lahari G
>
>
> ________________________________
> From: Simon Payne <simonpayne58 at gmail.com>
> Sent: 23 March 2018 20:40
> To: Lahari Guntha
> Cc: keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] Group-Mapping
>
> if you are referring to the standard entry
>
> I simply added the expiration value to the existing local-cache entry for
> users
>
> <local-cache name="users">
>     <eviction max-entries="10000" strategy="LRU"/>
> </local-cache>
>
>
> then LRU means least recently used.  So it will cache 10,000 users and
> evict the least recently used when the cache limit is reached.  Obviously this
> will only evict users if you have greater than 10,000 in your system.  So
> in my case I changed to the following
>
> I simply added the expiration value to the existing local-cache entry for
> users
>
> <local-cache name="users">
>     <eviction max-entries="10000" strategy="LRU"/>
>     <expiration max-idle="1200000"/>
> </local-cache>
>
> which will additionally expire entries after 20 minutes.
>
>
> Full explanation can be found here:
> https://docs.jboss.org/author/display/WFLY10/Infinispan+Subsystem
>
>
> On Fri, Mar 23, 2018 at 1:46 PM, Lahari Guntha <lahari.guntha at tcs.com>
> wrote:
> Hi,
>
>
> Thanks Simon.
>
>
> Does setting the "Cache Policy" to the "No Cache" option under "User Federation"
> make any sense in this case, as shown below?
>
>
> [inline image]
>
>
> Could someone explain the "Eviction" policy for the user cache?
>
> What exactly will happen?
>
>
> Thanks & Regards,
>
> Lahari G
>
>
>
>
> ________________________________
> From: Simon Payne <simonpayne58 at gmail.com>
> Sent: 16 March 2018 19:06
> To: Lahari Guntha
> Cc: keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] Group-Mapping
>
> Hi, we recently experienced similar and found it to be the user cache.  There
> is a setting in the LDAP config which allows you to specify the cache
> value.  However, I found this to take no effect and eventually set a hard
> eviction rate in the configuration in the standalone-ha.xml for the user cache.
>
>
>
> On Fri, Mar 16, 2018 at 11:48 AM, Lahari Guntha <lahari.guntha at tcs.com>
> wrote:
> Hi All,
>
>
>
> We are using keycloak of version 3.3.0.CR2.
>
> I have my Keycloak integrated with LDAP.
>
> I have configured  many applications to have SSO with Keycloak. I have
> done all the configuration to have LDAP integration with Keycloak. I have
> also configured Group mappers so that groups from LDAP are also synced to
> LDAP.
>
> eg:
>
> Users in LDAP:  "user1"
>
> Groups in LDAP:  "group1","group2"
>
>
> When I log in to one of my applications that is configured to have SSO
> with Keycloak as user "user1", who is present in group "group1", that
> user entry gets shown in the Keycloak UI page and we can also see the
> groups mapped to it.
>
>
> Now I add the user "user1" to another group, "group2".
>
> But now the newly added group is not reflected when I click on User > Group
> Mapping.
>
>
> Why is this happening?
>
>
> What is the solution to continuously sync the users with the groups they
> are present in/added newly automatically?
>
>
> Thanks,
>
> Lahari
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
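
An added example, not part of the thread and not Keycloak's own code: a small audit of the Infinispan local-cache entries discussed above, reporting which caches are bounded only by size (LRU eviction) and which also carry a time bound. The sample XML is constructed; the namespace URI and the "realms" cache are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the <local-cache name="users"> entries quoted
# in the thread. The namespace URI and the "realms" cache are assumptions.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
  <cache-container name="keycloak">
    <local-cache name="realms">
      <eviction max-entries="10000" strategy="LRU"/>
    </local-cache>
    <local-cache name="users">
      <eviction max-entries="10000" strategy="LRU"/>
      <expiration max-idle="1200000"/>
    </local-cache>
  </cache-container>
</subsystem>"""


def local(tag):
    """Drop the '{namespace}' prefix ElementTree adds to tag names."""
    return tag.rsplit("}", 1)[-1]


def minutes(attrs, name):
    """Milliseconds attribute -> minutes; absent or negative means no limit."""
    value = int(attrs.get(name, -1))
    return value / 60000 if value >= 0 else None


def audit_caches(xml_text):
    """Return {cache name: size and time bounds} for every <local-cache>."""
    report = {}
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "local-cache":
            continue
        children = {local(c.tag): c.attrib for c in elem}
        eviction = children.get("eviction", {})
        expiration = children.get("expiration", {})
        max_idle = minutes(expiration, "max-idle")   # reset on each access
        lifespan = minutes(expiration, "lifespan")   # counted from creation
        report[elem.get("name")] = {
            "max_entries": int(eviction.get("max-entries", -1)),
            "max_idle_min": max_idle,
            "lifespan_min": lifespan,
            # Eviction alone only bounds size: entries can stay indefinitely.
            "time_bounded": max_idle is not None or lifespan is not None,
        }
    return report


if __name__ == "__main__":
    for name, info in audit_caches(SAMPLE).items():
        print(name, info)
```

A cache reported with time_bounded False can keep serving a user's old group memberships until the entry is evicted for size or the server restarts.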


More information about the keycloak-user mailing list