[keycloak-user] Auth with Keycloak

Marek Posolda mposolda at redhat.com
Tue Feb 20 02:29:27 EST 2018


On 19/02/18 15:48, valsaraj pv wrote:
> Hi,
>
> Yes, I did these steps and created role mapper.
> But what is the difference between role mapper and group mapper?
Role mapper maps LDAP groups to Keycloak roles. Group mapper maps LDAP 
groups to Keycloak groups.
> I checked roles and tooltips, need to check ldap sample.
> How to set default roles if a user doesn't have any role mapped in LDAP?
There is also Hardcoded-Role-LDAP-Mapper, which allows you to automatically 
set a specified role for all Keycloak users that are saved in LDAP. But 
if you want to add a specified role to the Keycloak user only in the case 
that he doesn't have any other role, that is functionality which is not 
available OOTB. You will need to code your own LDAP mapper if you want 
to achieve this.

Marek
>
> Thanks!
>
> On 19-Feb-2018 7:49 PM, "Marek Posolda" <mposolda at redhat.com> wrote:
>
>     You need to create LDAP UserStorage provider in admin console and
>     then configure some mappers (Role mappers or Group mappers) for
>     LDAP provider. See docs, admin console tooltips and our example
>     "ldap" from keycloak-examples distribution for more details.
>
>     Marek
>
>
>     On 19/02/18 09:43, valsaraj pv wrote:
>
>         Hi,
>
>         I would like to know how to implement auth using Keycloak for
>         an existing model using JAAS & LDAP. Currently a user is
>         authenticated with LDAP directly from the login module. If the
>         user is in an LDAP group, those roles will be set. If there is
>         no group for a user in LDAP, some hard-coded roles will be set
>         from the login module. When Keycloak is used, what kind of role
>         mapping is required for this scenario? How to do this
>         conditional role mapping?
>
>         Thanks!
>
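
One way to write the custom LDAP mapper that the reply above says is needed, as an added example that is not part of the original thread and not Keycloak's own code: it extends `AbstractLDAPStorageMapper` and adds a fallback role only when every existing role mapping is on an ignore list, since roles granted to every user (such as realm default roles) would otherwise make "no other role" never true. The class name and the `fallback.role` / `ignored.roles` config keys are hypothetical; it assumes the Set-returning `UserModel.getRoleMappings()` API and that the delegate passed to `proxy` already reflects the Role mapper's output.

```java
// Added example, not Keycloak project code. Class name and config keys are hypothetical.
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.UserModelDelegate;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper;

public class FallbackRoleLDAPMapper extends AbstractLDAPStorageMapper {
    public static final String FALLBACK_ROLE = "fallback.role"; // role granted when nothing else applies
    public static final String IGNORED_ROLES = "ignored.roles"; // comma-separated names that do not count
    public FallbackRoleLDAPMapper(ComponentModel model, LDAPStorageProvider provider) {
        super(model, provider);
    }

    @Override
    public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) {
        String name = mapperModel.getConfig().getFirst(FALLBACK_ROLE);
        RoleModel fallback = name == null ? null : KeycloakModelUtils.getRoleFromString(realm, name);
        if (fallback == null) return delegate; // missing or unknown role: grant nothing extra
        String csv = mapperModel.getConfig().getFirst(IGNORED_ROLES);
        Set<String> ignored = new HashSet<>(Arrays.asList(
                csv == null ? new String[0] : csv.trim().split("\\s*,\\s*")));
        return new UserModelDelegate(delegate) {
            private boolean needsFallback() { // true only if every existing mapping is ignored
                return delegate.getRoleMappings().stream().allMatch(r -> ignored.contains(r.getName()));
            }
            @Override public Set<RoleModel> getRoleMappings() {
                Set<RoleModel> roles = new HashSet<>(delegate.getRoleMappings());
                if (needsFallback()) roles.add(fallback);
                return roles;
            }
            @Override public boolean hasRole(RoleModel role) {
                return delegate.hasRole(role) || (needsFallback() && fallback.hasRole(role));
            }
        };
    }

    @Override public void beforeLDAPQuery(LDAPQuery query) { }
    @Override public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) { }
    @Override public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm) { }
}
```

The fallback role is computed on each read and never written to LDAP or the local database, so it disappears as soon as the user gains a counted role. A matching mapper factory (for example a subclass of `AbstractLDAPStorageMapperFactory`) has to be packaged with it for the mapper to be selectable on the LDAP provider.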
