[keycloak-user] Configuring Admin Access Control or realm-management client role for LDAP user in keycloak via imported realm.json configuration

kapil joshi kapilkumarjoshi001 at gmail.com
Thu Jan 31 07:23:21 EST 2019 

On Thu, 31 Jan 2019, 17:53 kapil joshi, <kapilkumarjoshi001 at gmail.com>
wrote:

> Hi Marek,
>
>
> Thanks for the reply, actually we see one ldaprealm.json in the LDAP
> integration with keycloak example. But even there we saw entries only for
> role-ldap-mapper.
>
> Can someone in your team provide a sample for hardcoded-ldap-mapper
>
> Thanks
> Kapil
>
>
> On 31 Jan 2019 17:21, "Marek Posolda" <mposolda at redhat.com> wrote:
>
> I am not sure about the JSON format from the top of my head. I suggest to
> create things manually in admin console, then export it to JSON, so you can
> see proper JSON format. See keycloak documentation for Export/Import for
> more details.
>
> Marek
>
> On 31/01/2019 07:19, kapil joshi wrote:
>
> Hi Marek,
>
> I was trying to import realm.json which contains following entry, to
> include hardcoded-ldap-mapper in keycloak, for realm-management role of
> manage-users, but its failing to import, can you give us a small example of
> such entry in realm.json which we can follow on.
>
> // snippet of realm.json
>
>  *          {*
> *              "name": "administrator",*
>               *"federationMapperType"**: "hardcoded-ldap-role-mapper",*
> *"**federationProviderDisplayName"*
> * : "ldap", *
> *              "subComponents": {},*
> *              "config": {*
> *                "role": [*
> *                  "realm-management.manage-users"*
> *                ]*
> *              }*
> *           }*
>
>
> *Thanks *
> *Kapil*
>
> On Tue, Jan 29, 2019 at 2:38 PM kapil joshi <kapilkumarjoshi001 at gmail.com>
> wrote:
>
>> Hi Marek,
>>
>> First of all thanks for your response,  it works !!! . I tried mapping a
>> client role (i.e realm-management roles), few observations:
>> 1) I was not able to save the configuration was getting below attached
>> error message.
>> [image: image.png]
>>
>> But then i saw there is already a bug filed on this issue.
>> So applied the work around, and was able to get the client role added for
>> LDAP imported user.
>>
>> Thanks again,
>> Kapil
>>
>>
>>
>> On Tue, Jan 29, 2019 at 1:43 AM Marek Posolda <mposolda at redhat.com>
>> wrote:
>>
>>> Yes, this should be doable with hardcoded-ldap-role-mapper if I
>>> understand your use-case correctly (See tab "mappers" in the admin console
>>> when you're on the page with the details of LDAP provider).
>>>
>>> Marek
>>>
>>> On 28/01/2019 10:24, kapil joshi wrote:
>>>
>>> Hi All,
>>>
>>> Can we assign realm-management client roles for users imported from LDAP in
>>> Keycloak.
>>> Currently we are trying to set up LDAP based user federation using by
>>> importing a realm.json, configured with LDAP related configuration. Have
>>> attached it to this email.
>>> Basically the requirement is when we login to the client using the LDAP
>>> credentials, the user should be able to access user-management and
>>> view-realm client(i.e accessing the admin console) from client side.
>>>
>>> Thanks
>>> Kapil
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>>
>
>

More information about the keycloak-user mailing list