[keycloak-user] Set client roles to registered users automatically once synced from source LDAP/DB

Raphaël HOAREAU raphoa at worteks.com
Fri May 18 04:04:07 EDT 2018


Can't you just create a 'role-ldap-mapper' in your LDAP user federation so 
it reflects your LDAP roles to Keycloak realm or client roles?

Assuming that the roles in your local LDAP have the same names as the ones 
you use in Keycloak.


On 18/05/2018 at 08:32, valsaraj pv wrote:
> Got this sample:
> https://gist.github.com/thomasdarimont/c4e739c5a319cf78a4cff3b87173a84b
>
> On Fri, May 18, 2018 at 10:39 AM, Subodh Joshi <subodhcjoshi82 at gmail.com>
> wrote:
>
>> You have to write a script to run admin-cli commands
>> https://www.keycloak.org/docs/3.3/server_admin/topics/admin-cli.html
>>
>> On Fri, May 18, 2018 at 8:50 AM valsaraj pv <valsarajpv at gmail.com> wrote:
>>
>>> Do you have any links that will be helpful?
>>>
>>> On Fri 18 May, 2018, 7:17 AM Subodh Joshi, <subodhcjoshi82 at gmail.com>
>>> wrote:
>>>
>>>> I think admin-cli will help you regarding this, but the issue is that the
>>>> documentation is not that good.
>>>>
>>>> On Thu, 17 May 2018, 22:43 valsaraj pv, <valsarajpv at gmail.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Here is the scenario:
>>>>> A Java web application client registers users to a local LDAP/DB and sets
>>>>> roles.
>>>>> These users are periodically synced to Keycloak. Roles are also synced
>>>>> once, as they are not changed often.
>>>>> So when a user is registered in the local LDAP via the application, they
>>>>> are also reflected in Keycloak, but they can't access the web application
>>>>> after login via Keycloak.
>>>>> The new users can access it only after setting client roles manually.
>>>>> What is the best option to automate this? Is there any API to set client
>>>>> roles?
>>>>> If available, we can't write code to set the role in the registration
>>>>> method, since the users will be synced to Keycloak only on the next sync.
>>>>> Then the option is a delayed call which first ensures that the user has
>>>>> reached the Keycloak DB and then sets the role.
>>>>> Please share your thoughts!
>>>>>
>>>>> Thanks!
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>> --
>> Subodh Chandra Joshi
>> subodh1_joshi82 at yahoo.co.in
>> http://www.trendsinnews.com
>>
>
>
-- 
Raphaël HOAREAU | Support & Hosting Solutions Manager

raphael.hoareau at worteks.com
+33 7 72 37 59 82

Worteks | https://www.worteks.com
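
Added example (not part of the thread and not Keycloak's own code): a Python sketch that builds the component JSON for a 'role-ldap-mapper' targeting client roles, as suggested in the reply above, and checks the stated precondition that role names match on both sides. The LDAP layout (groupOfNames, member, cn), the roles DN, the client id "webapp" and the parent id placeholder are assumptions.

```python
import json

# Identifiers of Keycloak's LDAP role mapper component.
PROVIDER_ID = "role-ldap-mapper"
PROVIDER_TYPE = "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"


def role_mapper_component(ldap_provider_id, roles_dn, client_id=None, mode="READ_ONLY"):
    """Build the component JSON for POST /admin/realms/{realm}/components."""
    if mode not in ("READ_ONLY", "LDAP_ONLY", "IMPORT"):
        raise ValueError("unknown mapper mode: %s" % mode)
    config = {
        "roles.dn": [roles_dn],
        # Assumed LDAP schema: groupOfNames entries listing member DNs.
        "role.name.ldap.attribute": ["cn"],
        "role.object.classes": ["groupOfNames"],
        "membership.ldap.attribute": ["member"],
        "membership.attribute.type": ["DN"],
        "mode": [mode],
        "user.roles.retrieve.strategy": ["LOAD_ROLES_BY_MEMBER_ATTRIBUTE"],
        # false + client.id maps LDAP roles to client roles instead of realm roles.
        "use.realm.roles.mapping": ["false" if client_id else "true"],
    }
    if client_id:
        config["client.id"] = [client_id]
    return {
        "name": "ldap-roles-to-" + (client_id or "realm"),
        "providerId": PROVIDER_ID,
        "providerType": PROVIDER_TYPE,
        "parentId": ldap_provider_id,  # id of the LDAP user federation provider
        "config": config,
    }


def role_name_drift(ldap_roles, keycloak_roles):
    """Compare role names exactly; the mapper only helps when they line up."""
    ldap, kc = set(ldap_roles), set(keycloak_roles)
    return {"only_in_ldap": sorted(ldap - kc), "only_in_keycloak": sorted(kc - ldap)}


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    comp = role_mapper_component("LDAP-PROVIDER-ID-PLACEHOLDER",
                                 "ou=roles,dc=example,dc=org", client_id="webapp")
    print(json.dumps(comp, indent=2))
    print(role_name_drift(["app-user", "app-admin"], ["app-user", "App-Admin"]))
```

Running the drift check before enabling the mapper shows which LDAP roles would have no counterpart on the client, so a newly synced user does not end up with fewer or different permissions than intended.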


