2:43 a.m.
Hi,
I would like to know how to implement auth using Keyclock for an existing
model using JAAS & LDAP. Currently a user is aithenticated with LDAP
directly from login module. If the user is in LDAP group, those roles will
be set. If there is no group for a user in LDAP, some hard coded roles will
be set from login module. When Keyclock is used, what kind of role mapping
required for this scenario? How to do this conditional role mapping?
Thanks!
8:19 a.m.
You need to create LDAP UserStorage provider in admin console and then
configure some mappers (Role mappers or Group mappers) for LDAP
provider. See docs, admin console tooltips and our example "ldap" from
keycloak-examples distribution for more details.
Marek
On 19/02/18 09:43, valsaraj pv wrote:
Hi,
I would like to know how to implement auth using Keyclock for an existing
model using JAAS & LDAP. Currently a user is aithenticated with LDAP
directly from login module. If the user is in LDAP group, those roles will
be set. If there is no group for a user in LDAP, some hard coded roles will
be set from login module. When Keyclock is used, what kind of role mapping
required for this scenario? How to do this conditional role mapping?
Thanks!
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
8:48 a.m.
Hi,
Yes, I did these steps and created role mapper.
But what is the difference between role mapper and group mapper?
I checked roles and tooltips, need to check ldap sample.
How to set default roles if a user don't have any role mapped in LDAP?
Thanks!
On 19-Feb-2018 7:49 PM, "Marek Posolda" <mposolda(a)redhat.com> wrote:
You need to create LDAP UserStorage provider in admin console and then
configure some mappers (Role mappers or Group mappers) for LDAP provider.
See docs, admin console tooltips and our example "ldap" from
keycloak-examples distribution for more details.
Marek
On 19/02/18 09:43, valsaraj pv wrote:
Hi,
I would like to know how to implement auth using Keyclock for an existing
model using JAAS & LDAP. Currently a user is aithenticated with LDAP
directly from login module. If the user is in LDAP group, those roles will
be set. If there is no group for a user in LDAP, some hard coded roles will
be set from login module. When Keyclock is used, what kind of role mapping
required for this scenario? How to do this conditional role mapping?
Thanks!
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
1:29 a.m.
On 19/02/18 15:48, valsaraj pv wrote:
Hi,
Yes, I did these steps and created role mapper.
But what is the difference between role mapper and group mapper?
Role mapper maps
LDAP groups to Keycloak roles. Group mapper maps LDAP
groups to Keycloak groups.
I checked roles and tooltips, need to check ldap sample.
How to set default roles if a user don't have any role mapped in LDAP?
There
is also Hardcoded-Role-LDAP-Mapper, which allows to automatically
set specified role to all Keycloak users, which are saved in LDAP. But
if you want to add specified role to the Keycloak user just in case that
he doesn't have any other role, that is functionality, which is not
available OOTB. You will need to code your own LDAP mapper if you want
to achieve this.
Marek
Thanks!
On 19-Feb-2018 7:49 PM, "Marek Posolda" <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
You need to create LDAP UserStorage provider in admin console and
then configure some mappers (Role mappers or Group mappers) for
LDAP provider. See docs, admin console tooltips and our example
"ldap" from keycloak-examples distribution for more details.
Marek
On 19/02/18 09:43, valsaraj pv wrote:
Hi,
I would like to know how to implement auth using Keyclock for
an existing
model using JAAS & LDAP. Currently a user is aithenticated
with LDAP
directly from login module. If the user is in LDAP group,
those roles will
be set. If there is no group for a user in LDAP, some hard
coded roles will
be set from login module. When Keyclock is used, what kind of
role mapping
required for this scenario? How to do this conditional role
mapping?
Thanks!
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
1:54 a.m.
Hi Marek,
Thanks for the clarification. Please see comments inline.
On Tue, Feb 20, 2018 at 12:59 PM, Marek Posolda <mposolda(a)redhat.com> wrote:
On 19/02/18 15:48, valsaraj pv wrote:
Hi,
Yes, I did these steps and created role mapper.
But what is the difference between role mapper and group mapper?
Role mapper maps LDAP groups to Keycloak roles. Group mapper maps LDAP
groups to Keycloak groups.
So both are same.
I checked roles and tooltips, need to check ldap sample.
How to set default roles if a user don't have any role mapped in LDAP?
There is also Hardcoded-Role-LDAP-Mapper, which allows to automatically
set specified role to all Keycloak users, which are saved in LDAP. But if
you want to add specified role to the Keycloak user just in case that he
doesn't have any other role, that is functionality, which is not available
OOTB. You will need to code your own LDAP mapper if you want to achieve
this.
Isn't it possible to set default roles from application filter class if the
logged in user don't have any role? If so, we don't need to implement own
LDAP mapper. Is there any documentation regarding how to create custom
mapper in Keycloak?
Thanks!
Marek
Thanks!
On 19-Feb-2018 7:49 PM, "Marek Posolda" <mposolda(a)redhat.com> wrote:
You need to create LDAP UserStorage provider in admin console and then
configure some mappers (Role mappers or Group mappers) for LDAP provider.
See docs, admin console tooltips and our example "ldap" from
keycloak-examples distribution for more details.
Marek
On 19/02/18 09:43, valsaraj pv wrote:
> Hi,
>
> I would like to know how to implement auth using Keyclock for an existing
> model using JAAS & LDAP. Currently a user is aithenticated with LDAP
> directly from login module. If the user is in LDAP group, those roles will
> be set. If there is no group for a user in LDAP, some hard coded roles
> will
> be set from login module. When Keyclock is used, what kind of role mapping
> required for this scenario? How to do this conditional role mapping?
>
> Thanks!
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Life is like this: "Just when we get all the answers of life.... God
changes the question paper....
Valsaraj Viswanathan
2514
days inactive
2515
days old
4 comments
2 participants
participants (2)
-
Marek Posolda -
valsaraj pv