Hi,
The easiest way to achieve this would be to create your own
LDAPFederationMapper instead of subclassing LDAPFederationProviderFactory.
I've actually already thought about having it available in Keycloak by
default. (In other words, having a "hardcoded role mapper", which will put
users synced from LDAP into some configured role.) Feel free to create a
JIRA if you didn't yet figure it out and I can try to put it into the 1.5
release.
Another possibility is to use the "Default role" feature, which Keycloak has
by default, but this will put all newly created/registered users into
this role (not just those synced from LDAP). So if you want just LDAP
users to have the default role available, this won't work for you.
Marek
On 26/08/15 09:17, Kevin Hirschmann wrote:
Hello,
I am using the LDAP Federation Provider to sync users from an AD
server and keycloak (unidirectional AD => keycloak).
For every newly imported user I want to auto-add one keycloak role.
What is the recommended way to implement this?
Should I write a second Provider/ProviderFactory and do a second sync
run?
Subclassing LDAPFederationProviderFactory doesn’t have the desired
result, since the administration doesn’t show the LDAP properties.
I can only assume that there is some special treatment for the
LDAPFederationProviderFactory (the buttons to check the connection
indicate that).
Kind regards
Kevin Hirschmann
HUEBINET Informationsmanagement GmbH & Co. KG
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user