[keycloak-user] Configuring Admin Access Control or realm-management client role for LDAP user in keycloak via imported realm.json configuration
kapil joshi
kapilkumarjoshi001 at gmail.com
Thu Jan 31 01:19:33 EST 2019
Hi Marek,
I was trying to import realm.json which contains following entry, to
include hardcoded-ldap-mapper in keycloak, for realm-management role of
manage-users, but its failing to import, can you give us a small example of
such entry in realm.json which we can follow on.
// snippet of realm.json
* {*
* "name": "administrator",*
*"federationMapperType"**: "hardcoded-ldap-role-mapper",*
*"**federationProviderDisplayName"*
* : "ldap",*
* "subComponents": {},*
* "config": {*
* "role": [*
* "realm-management.manage-users"*
* ]*
* }*
* }*
*Thanks *
On Thu, Jan 31, 2019 at 11:49 AM kapil joshi <kapilkumarjoshi001 at gmail.com>
wrote:
> Hi Marek,
>
> I was trying to import realm.json which contains following entry, to
> include hardcoded-ldap-mapper in keycloak, for realm-management role of
> manage-users, but its failing to import, can you give us a small example of
> such entry in realm.json which we can follow on.
>
> // snippet of realm.json
>
> * {*
> * "name": "administrator",*
> *"federationMapperType"**: "hardcoded-ldap-role-mapper",*
> *"**federationProviderDisplayName"*
> * : "ldap",*
> * "subComponents": {},*
> * "config": {*
> * "role": [*
> * "realm-management.manage-users"*
> * ]*
> * }*
> * }*
>
>
> *Thanks *
> *Kapil*
>
> On Tue, Jan 29, 2019 at 2:38 PM kapil joshi <kapilkumarjoshi001 at gmail.com>
> wrote:
>
>> Hi Marek,
>>
>> First of all thanks for your response, it works !!! . I tried mapping a
>> client role (i.e realm-management roles), few observations:
>> 1) I was not able to save the configuration was getting below attached
>> error message.
>> [image: image.png]
>>
>> But then i saw there is already a bug filed on this issue.
>> So applied the work around, and was able to get the client role added for
>> LDAP imported user.
>>
>> Thanks again,
>> Kapil
>>
>>
>>
>> On Tue, Jan 29, 2019 at 1:43 AM Marek Posolda <mposolda at redhat.com>
>> wrote:
>>
>>> Yes, this should be doable with hardcoded-ldap-role-mapper if I
>>> understand your use-case correctly (See tab "mappers" in the admin console
>>> when you're on the page with the details of LDAP provider).
>>>
>>> Marek
>>>
>>> On 28/01/2019 10:24, kapil joshi wrote:
>>>
>>> Hi All,
>>>
>>> Can we assign realm-management client roles for users imported from LDAP in
>>> Keycloak.
>>> Currently we are trying to set up LDAP based user federation using by
>>> importing a realm.json, configured with LDAP related configuration. Have
>>> attached it to this email.
>>> Basically the requirement is when we login to the client using the LDAP
>>> credentials, the user should be able to access user-management and
>>> view-realm client(i.e accessing the admin console) from client side.
>>>
>>> Thanks
>>> Kapil
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 80148 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20190131/c41a8866/attachment-0001.png
More information about the keycloak-user
mailing list