The LDAP provider on the User Federation tab is not being used at all. We do not propagate changes
made to AD users on Keycloak back to AD; they come from a different domain, and the roles
configured on Keycloak do not even exist there.
From your questions I assume that Keycloak does indeed re-write user
data on each login through a broker?
20.06.2017, 16:31, "Bill Burke" <bburke(a)redhat.com>:
How are you using our LDAP adapter? Is "Import Enabled"
true or false?
If it is false then Keycloak will not store role mappings if there are
no LDAP mappings for them.
On 6/20/17 8:18 AM, Корчемкин Дмитрий wrote:
> Hello,
>
> I have the following scenario: a user logs in for the first time from AD FS. There is a
> mapper in place that assigns him a role. He is then assigned some more roles manually.
> When he logs in a second time, all the roles added by hand are removed.
>
> I've tried looking for something to disable this on the Keycloak side, but I
> don't see anything relevant in the documentation. Unfortunately, I don't have access
> to that particular AD FS. Is there a way to stop this overriding on the Keycloak side, or is
> assigning all roles by mappers the only way?
>
> Best regards,
> Dmitry
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user