[keycloak-user] UserFederation - post process steps

Marek Posolda mposolda at redhat.com
Mon Aug 31 11:12:13 EDT 2015


Hi,

The easiest way to achieve this would be to create your own 
LDAPFederationMapper instead of subclassing LDAPFederationProviderFactory.

I've actually already thought about having it available in Keycloak by 
default. (In other words, having a "hardcoded role mapper", which will put 
users synced from LDAP into some configured role.) Feel free to create a 
JIRA if you didn't yet figure it out and I can try to put it into the 1.5 
release.

Another possibility is to use the "Default role" feature, which Keycloak has 
by default, but this will put all newly created/registered users into 
this role (not just those synced from LDAP). So if you want just LDAP 
users to have the default role available, this won't work for you.

Marek

On 26/08/15 09:17, Kevin Hirschmann wrote:
>
> Hello,
>
> I am using the LDAP Federation Provider to sync users from an AD 
> server and keycloak (unidirectional AD => keycloak).
>
> For every newly imported user I want to auto-add one keycloak role. 
> What is the recommended way to implement this?
>
> Should I write a second Provider/ ProviderFactory and do a second sync 
> run ?
>
> Subclassing LDAPFederationProviderFactory doesn’t have the desired 
> result, since the administration doesn’t show the ldap properties.
>
> I can only assume that there is some special treatment for the 
> LDAPFederationProviderFactory (the buttons to check the connection 
> indicate that).
>
> Kind regards
>
> Kevin Hirschmann
>
> HUEBINET Informationsmanagement GmbH & Co. KG
