That's strange. The role-ldap-mapper should ensure that roles from LDAP
are available in Keycloak and also that they are assigned to users in
Keycloak. So Keycloak should be able to see the role mappings based on
the role mappings in LDAP. It's just a matter of correct configuration.
You can take a look at "keycloak-examples" distribution and the example
"ldap" to see how to configure things.
Marek
On 18/05/18 10:11, valsaraj pv wrote:
Yes, 'role-ldap-mapper' created & those roles appeared in Keycloak client
set in mapper. But these roles were not assigned to users. For that need to
open user from admin console & select client and set client roles. I am
checking how to automate this.
On Fri, May 18, 2018 at 1:34 PM, Raphaël HOAREAU <raphoa(a)worteks.com> wrote:
> Can't you just create 'role-ldap-mapper' in your ldap user federation so
> it reflects your ldap roles to keycloak realm or client roles ?
>
> Assuming that roles in your local LDAP are the same (name) than the one
> you use in keycloak.
>
>
> On 18/05/2018 at 08:32, valsaraj pv wrote:
>> Got this sample:
>> https://gist.github.com/thomasdarimont/c4e739c5a319cf78a4cff3b87173a84b
>>
>> On Fri, May 18, 2018 at 10:39 AM, Subodh Joshi <subodhcjoshi82(a)gmail.com> wrote:
>>
>>> You have to write script to run admin-cli commands
>>> https://www.keycloak.org/docs/3.3/server_admin/topics/admin-cli.html
>>>
>>> On Fri, May 18, 2018 at 8:50 AM valsaraj pv <valsarajpv(a)gmail.com> wrote:
>>>> Do you have any links that will be helpful?
>>>>
>>>> On Fri 18 May, 2018, 7:17 AM Subodh Joshi, <subodhcjoshi82(a)gmail.com> wrote:
>>>>
>>>>> I think admin-cli will help you regarding this but issue is documentation
>>>>> is not that good.
>>>>>
>>>>> On Thu, 17 May 2018, 22:43 valsaraj pv, <valsarajpv(a)gmail.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Here is the scenario:
>>>>>> Java web application client registers users to local LDAP/DB and sets
>>>>>> roles.
>>>>>> These users are periodically synced to Keycloak. Roles are also synced
>>>>>> once as it not changed more often.
>>>>>> So when a user registered in local LDAP via application, they are also
>>>>>> reflected in Keycloak but they can't access web application after login
>>>>>> via Keycloak.
>>>>>> The new users can access only after setting client roles manually.
>>>>>> What is the best option to automate this. Is there any API to set
>>>>>> client roles?
>>>>>> If available, we can't write code to set role in registration method
>>>>>> since the users will be synced to Keycloak only on next sync. Then option
>>>>>> is a delayed call which first ensures that the user reached Keycloak DB
>>>>>> and then set role.
>>>>>> Please share your thoughts!
>>>>>>
>>>>>> Thanks!
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user(a)lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>> --
>>> Subodh Chandra Joshi
>>> subodh1_joshi82(a)yahoo.co.in
>>> http://www.trendsinnews.com
>>>
>>
> --
> Raphaël HOAREAU | Support & Hosting Solutions Manager
>
> raphael.hoareau(a)worteks.com
> +33 7 72 37 59 82
>
> Worteks | https://www.worteks.com
>
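
The "delayed call" raised in the thread, scripted with admin-cli: wait until the synced user exists in Keycloak, then add the client role. This is an added example, not code from any message in the thread; it assumes `kcadm.sh` is already authenticated, and the realm `demo`, client `webapp` and the retry settings are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): give a user a client role with
# admin-cli, but only once the LDAP sync has created the user in Keycloak.
# Assumptions: kcadm.sh is on PATH and already logged in with an account
# limited to user lookup and role mapping; REALM and CLIENT_ID are placeholders.
KCADM="${KCADM:-kcadm.sh}"
REALM="${REALM:-demo}"            # placeholder realm
CLIENT_ID="${CLIENT_ID:-webapp}"  # placeholder clientId of the web application

# Succeeds only if a user with exactly this username exists; the query
# result is compared exactly so a partial match is not accepted.
user_exists() {
  "$KCADM" get users -r "$REALM" -q "username=$1" --fields username 2>/dev/null |
    tr -d '[:space:]' | grep -qF "\"username\":\"$1\""
}

# Usage: assign_when_synced USERNAME ROLE [ATTEMPTS] [DELAY_SECONDS]
# Returns 0 = role added, 1 = user never appeared, 2 = rejected input.
assign_when_synced() {
  aws_user=$1 aws_role=$2 aws_tries=${3:-10} aws_delay=${4:-30} aws_i=1
  # Accept only conservative names so registration data cannot smuggle
  # unexpected characters into the admin query or the role name.
  case "$aws_user" in ''|*[!A-Za-z0-9._@-]*) return 2 ;; esac
  case "$aws_role" in ''|*[!A-Za-z0-9._:-]*) return 2 ;; esac
  while [ "$aws_i" -le "$aws_tries" ]; do
    if user_exists "$aws_user"; then
      "$KCADM" add-roles -r "$REALM" --uusername "$aws_user" \
        --cclientid "$CLIENT_ID" --rolename "$aws_role"
      return $?
    fi
    if [ "$aws_i" -lt "$aws_tries" ]; then sleep "$aws_delay"; fi
    aws_i=$((aws_i + 1))
  done
  return 1  # not synced yet: log it and retry after the next sync
}
```

Call it as `assign_when_synced alice app-user` from the job that runs after each sync; a return code of 1 means the user has not been imported yet.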