[keycloak-user] Set client roles to registered users automatically once synced from source LDAP/DB

valsaraj pv valsarajpv at gmail.com
Tue May 22 03:49:34 EDT 2018


roles from LDAP are available in Keycloak - worked
they are assigned to users in Keycloak - I checked both realm roles &
client roles. But not shown when I opened the user in KC admin console.
I will check LDAP sample.

On Tue, May 22, 2018 at 12:34 PM, Marek Posolda <mposolda at redhat.com> wrote:

> That's strange. The role-ldap-mapper should ensure that roles from LDAP
> are available in Keycloak and also that they are assigned to users in
> Keycloak. So Keycloak should be able to see the role mappings based on the
> role mappings in LDAP. It's just a matter of correct configuration. You can
> take a look at "keycloak-examples" distribution and the example "ldap" to
> see how to configure things.
>
> Marek
>
>
> On 18/05/18 10:11, valsaraj pv wrote:
>
>> Yes, 'role-ldap-mapper' created & those roles appeared in Keycloak client
>> set in mapper. But these roles were not assigned to users. For that need to
>> open user from admin console & select client and set client roles. I am
>> checking how to automate this.
>>
>> On Fri, May 18, 2018 at 1:34 PM, Raphaël HOAREAU <raphoa at worteks.com>
>> wrote:
>>
>>> Can't you just create 'role-ldap-mapper' in your ldap user federation so
>>> it reflects your ldap roles to keycloak realm or client roles ?
>>>
>>> Assuming that roles in your local LDAP are the same (name) as the one
>>> you use in keycloak.
>>>
>>> On 18/05/2018 at 08:32, valsaraj pv wrote:
>>>
>>>> Got this sample:
>>>> https://gist.github.com/thomasdarimont/c4e739c5a319cf78a4cff3b87173a84b
>>>>
>>>> On Fri, May 18, 2018 at 10:39 AM, Subodh Joshi
>>>> <subodhcjoshi82 at gmail.com> wrote:
>>>>
>>>>> You have to write script to run admin-cli commands
>>>>> https://www.keycloak.org/docs/3.3/server_admin/topics/admin-cli.html
>>>>>
>>>>> On Fri, May 18, 2018 at 8:50 AM valsaraj pv <valsarajpv at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Do you have any links that will be helpful?
>>>>>>
>>>>>> On Fri 18 May, 2018, 7:17 AM Subodh Joshi, <subodhcjoshi82 at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> I think admin-cli will help you regarding this but issue is
>>>>>>> documentation is not that good.
>>>>>>>
>>>>>>> On Thu, 17 May 2018, 22:43 valsaraj pv, <valsarajpv at gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> Here is the scenario:
>>>>>>>> Java web application client registers users to local LDAP/DB and
>>>>>>>> sets roles.
>>>>>>>> These users are periodically synced to Keycloak. Roles are also
>>>>>>>> synced once, as they are not changed often.
>>>>>>>> So when a user is registered in local LDAP via application, they are
>>>>>>>> also reflected in Keycloak but they can't access web application
>>>>>>>> after login via Keycloak.
>>>>>>>> The new users can access only after setting client roles manually.
>>>>>>>> What is the best option to automate this? Is there any API to set
>>>>>>>> client roles?
>>>>>>>> If available, we can't write code to set role in registration method
>>>>>>>> since the users will be synced to Keycloak only on next sync. Then
>>>>>>>> the option is a delayed call which first ensures that the user
>>>>>>>> reached Keycloak DB and then sets the role.
>>>>>>>> Please share your thoughts!
>>>>>>>>
>>>>>>>> Thanks!
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-user mailing list
>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>> --
>>>>> Subodh Chandra Joshi
>>>>> subodh1_joshi82 at yahoo.co.in
>>>>> http://www.trendsinnews.com
>>>
>>> --
>>> Raphaël HOAREAU | Support & Hosting Solutions Manager
>>>
>>> raphael.hoareau at worteks.com
>>> +33 7 72 37 59 82
>>>
>>> Worteks | https://www.worteks.com


-- 
Life is like this: "Just when we get all the answers of life.... God
changes the question paper....

Valsaraj Viswanathan
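
Added example, not part of the thread and not Keycloak project code: one way to do the "delayed call" asked about in the original question, using the Keycloak Admin REST API to wait until the synced user exists and then map a client role. The function and parameter names are illustrative; it assumes `base` already includes any `/auth` prefix and that `token` is an admin bearer token obtained elsewhere.

```python
import json, time, urllib.request
from urllib.parse import quote

def http_json(method, url, token, body=None):
    """Default transport: one authenticated JSON call to the Admin REST API."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": "Bearer " + token, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None

def grant_client_role(base, realm, token, username, client_id, role,
                      call=http_json, attempts=5, delay=30, sleep=time.sleep):
    """Wait for a synced user, then map one client role; returns a status string."""
    admin = f"{base}/admin/realms/{quote(realm, safe='')}"
    user = None
    for attempt in range(attempts):
        found = call("GET", f"{admin}/users?username={quote(username, safe='')}", token)
        # The username filter may return partial matches ("alice" can also find
        # "alice2"), so accept only a single exact match before granting access.
        exact = [u for u in found if u["username"].lower() == username.lower()]
        if len(exact) == 1:
            user = exact[0]
            break
        if attempt + 1 < attempts:
            sleep(delay)  # user not imported yet: wait for the next sync
    if user is None:
        return "user-not-synced"
    clients = call("GET", f"{admin}/clients?clientId={quote(client_id, safe='')}", token)
    if len(clients) != 1:
        raise LookupError(f"client {client_id!r} not found in realm {realm!r}")
    cid = clients[0]["id"]  # internal client id, not the clientId string
    mapping = f"{admin}/users/{user['id']}/role-mappings/clients/{cid}"
    if any(r["name"] == role for r in call("GET", mapping, token)):
        return "already-assigned"  # idempotent: safe to re-run after every sync
    rep = call("GET", f"{admin}/clients/{cid}/roles/{quote(role, safe='')}", token)
    call("POST", mapping, token, [{"id": rep["id"], "name": rep["name"]}])
    return "assigned"
```

The `call` and `sleep` parameters exist so the logic can be exercised without a server; in production the token should belong to an account that can only manage users in that one realm.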

