[keycloak-user] Mapping LDAP group-roles to Keycloak

Marek Posolda mposolda at redhat.com
Wed Jun 27 05:32:52 EDT 2018


On 27/06/18 08:07, Alvaro Martin wrote:
> Hi,
>
> We have defined a set of fine-grain roles to secure endpoints on a backend
> application. We wanted to assign different set of roles to users. To avoid
> having to assign roles one-by-one to each user we have created groups and
> we have mapped roles to them (groups will work as profiles here) . Then we
> have assigned users to groups. This worked well.
>
> Now we want to create this setup in a LDAP and configure user federation.
> We can map LDAP roles to keycloak roles and LDAP groups to keycloak groups.
> We also even import group users  to keycloak. But we don´t know how to
> transfer LDAP group-roles to keycloak group role-mappings. We haven´t found
> a mapper for this. Is there any way to do it?'
No, not yet...

You will need to manually create group-role mappings in LDAP though.

Marek

>
> Thanks in advance,
>
> *Álvaro Martín García*[image: bluetab.net] <http://www.bluetab.net/>
> alvaro.martin at bluetab.net
>
> +34 91 457 16 97
>
> +34 687 398 622t
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user




More information about the keycloak-user mailing list