Re: [keycloak-user] Federation of Roles, Groups and Realms
Hi,
Providers are configured per-realm. For roles and groups, you could have a
look at (if not already)
https://www.keycloak.org/docs/6.0/server_development/#augmenting-external...
.
You could return an AbstractUserAdapterFederatedStorage from your provider
and override some methods so that roles and group information is fetched
from your database.
Regards.
Pedro Igor
On Tue, Aug 6, 2019 at 1:09 PM Simon Levermann <simon(a)slevermann.de> wrote:
Hello,
we have a user database in form of a license server, which we would like
to use as a source of data for a Keycloak server. I've been able to find
plenty of resources on how to map the *users* into Keycloak via SPI, but
I haven't been able to find much on Roles, Groups and Realms. Are any
(or all) of the three possible to achieve, or do we have to manage these
manually?
The problem is that we would like to have some logical separation of
users into a realm (or a group) per customer, as well as mapping roles
onto licenses for different products. Our current stab at a solution is
an external synchronization service which periodically performs updates
via the Keycloak Admin API, but if possible, we would like to get rid of
this service and perform all the mappings inside Keycloak.
Best regards,
Simon Levermann
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user