[keycloak-user] Set client roles to registered users automatically once synced from source LDAP/DB

Subodh Joshi subodhcjoshi82 at gmail.com
Fri May 18 06:17:22 EDT 2018


We used admin-cli in our project to automate some things when the system is
first brought up: we create user/group/client/realm and map group with
user. See if this will help you to automate your requirement.

https://mytechnicallife.quora.com/Keycloak-how-to-work-with-admin-cli

Thanks & regards

On Fri, May 18, 2018 at 1:42 PM valsaraj pv <valsarajpv at gmail.com> wrote:

> Yes, 'role-ldap-mapper' created & those roles appeared in the Keycloak client
> set in the mapper. But these roles were not assigned to users. For that I need to
> open the user from the admin console, select the client and set client roles. I am
> checking how to automate this.
>
> On Fri, May 18, 2018 at 1:34 PM, Raphaël HOAREAU <raphoa at worteks.com>
> wrote:
>
> > Can't you just create 'role-ldap-mapper' in your ldap user federation so
> > it reflects your ldap roles to keycloak realm or client roles ?
> >
> > Assuming that roles in your local LDAP are the same (name) as the ones
> > you use in keycloak.
> >
> >
> > On 18/05/2018 at 08:32, valsaraj pv wrote:
> > > Got this sample:
> > >
> https://gist.github.com/thomasdarimont/c4e739c5a319cf78a4cff3b87173a84b
> > >
> > > On Fri, May 18, 2018 at 10:39 AM, Subodh Joshi <
> subodhcjoshi82 at gmail.com
> > >
> > > wrote:
> > >
> > >> You have to write script to run admin-cli commands
> > >> https://www.keycloak.org/docs/3.3/server_admin/topics/admin-cli.html
> > >>
> > >> On Fri, May 18, 2018 at 8:50 AM valsaraj pv <valsarajpv at gmail.com>
> > wrote:
> > >>
> > >>> Do you have any links that will be helpful?
> > >>>
> > >>> On Fri 18 May, 2018, 7:17 AM Subodh Joshi, <subodhcjoshi82 at gmail.com
> >
> > >>> wrote:
> > >>>
> > >>>> I think admin-cli will help you regarding this, but the issue is that
> > >>>> the documentation is not that good.
> > >>>>
> > >>>> On Thu, 17 May 2018, 22:43 valsaraj pv, <valsarajpv at gmail.com>
> wrote:
> > >>>>
> > >>>>> Hi,
> > >>>>>
> > >>>>> Here is the scenario:
> > >>>>> Java web application client registers users to local LDAP/DB and
> > >>>>> sets roles.
> > >>>>> These users are periodically synced to Keycloak. Roles are also
> > >>>>> synced once, as they are not changed very often.
> > >>>>> So when a user is registered in local LDAP via the application,
> > >>>>> they are also reflected in Keycloak, but they can't access the web
> > >>>>> application after login via Keycloak.
> > >>>>> The new users can access only after setting client roles manually.
> > >>>>> What is the best option to automate this? Is there any API to set
> > >>>>> client roles?
> > >>>>> If available, we can't write code to set role in registration
> > >>>>> method since the users will be synced to Keycloak only on next
> > >>>>> sync. Then option is a delayed call which first ensures that the
> > >>>>> user reached Keycloak DB and then set role.
> > >>>>> Please share your thoughts!
> > >>>>>
> > >>>>> Thanks!
> > >>>>> _______________________________________________
> > >>>>> keycloak-user mailing list
> > >>>>> keycloak-user at lists.jboss.org
> > >>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >>>>>
> > >> --
> > >> Subodh Chandra Joshi
> > >> subodh1_joshi82 at yahoo.co.in
> > >> http://www.trendsinnews.com
> > >>
> > >
> > >
> > --
> > Raphaël HOAREAU | Support & Hosting Solutions Manager
> >
> > raphael.hoareau at worteks.com
> > +33 7 72 37 59 82
> >
> > Worteks | https://www.worteks.com
> >
> >
>
>
>
> --
> Life is like this: "Just when we get all the answers of life.... God
> changes the question paper....
>
> Valsaraj Viswanathan



-- 
Subodh Chandra Joshi
subodh1_joshi82 at yahoo.co.in
http://www.trendsinnews.com
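
One way to script the admin-cli approach suggested in this thread, as an added example that is not code from the thread or from the Keycloak project: after each LDAP/DB sync, grant a single client role only to users who do not hold it yet. The realm, client and role names are placeholder assumptions, and `kcadm.sh` is assumed to be logged in already (via `kcadm.sh config credentials`) with an account that can only manage users and view clients in that realm, not a full realm admin.

```shell
#!/bin/sh
# Added example: idempotently grant one client role to synced Keycloak users.
# Assumed placeholders (not from the thread): realm, client id and role name.
REALM="${REALM:-demo}"
CLIENT_ID="${CLIENT_ID:-webapp}"
ROLE="${ROLE:-app-user}"
LIMIT="${LIMIT:-1000}"   # get users is paginated; raise for larger realms

# Thin wrapper so the CLI location can be overridden with KCADM=/path/kcadm.sh.
kcadm() { "${KCADM:-kcadm.sh}" "$@"; }

# Usernames in the realm, one per line.
list_usernames() {
  kcadm get users -r "$REALM" --offset 0 --limit "$LIMIT" \
    --fields username --format csv --noquotes
}

# Succeeds if user $1 already holds ROLE on CLIENT_ID.
# Fixed-string match on the JSON output, pretty-printed or compressed.
has_client_role() {
  kcadm get-roles -r "$REALM" --uusername "$1" --cclientid "$CLIENT_ID" \
    </dev/null | grep -qF -e "\"name\" : \"$ROLE\"" -e "\"name\":\"$ROLE\""
}

# Reads usernames on stdin, grants ROLE where missing, prints the grant count.
# Runs in a subshell so its variables stay local; the CLI gets /dev/null as
# stdin so it cannot swallow the username list being read by the loop.
grant_missing() (
  granted=0
  while IFS= read -r user; do
    [ -n "$user" ] || continue
    if has_client_role "$user"; then continue; fi
    if kcadm add-roles -r "$REALM" --uusername "$user" \
         --cclientid "$CLIENT_ID" --rolename "$ROLE" </dev/null; then
      granted=$((granted + 1))
      echo "granted $ROLE on $CLIENT_ID to $user" >&2   # audit trail
    else
      echo "FAILED to grant $ROLE to $user" >&2
    fi
  done
  echo "$granted"
)

# Only touches the server when asked to: ./grant-role.sh --run
if [ "${1:-}" = "--run" ]; then
  list_usernames | grant_missing
fi
```

Scheduling this right after the periodic sync covers the "delayed call" case from the original question, and the stderr lines give a record of every role grant that can be reviewed later.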

