[keycloak-user] Set client roles to registered users automatically once synced from source LDAP/DB

Subodh Joshi subodhcjoshi82 at gmail.com
Fri May 18 01:09:36 EDT 2018


You have to write a script to run admin-cli commands
https://www.keycloak.org/docs/3.3/server_admin/topics/admin-cli.html

On Fri, May 18, 2018 at 8:50 AM valsaraj pv <valsarajpv at gmail.com> wrote:

> Do you have any links that will be helpful?
>
> On Fri 18 May, 2018, 7:17 AM Subodh Joshi, <subodhcjoshi82 at gmail.com>
> wrote:
>
>> I think admin-cli will help you regarding this, but the issue is that the
>> documentation is not that good.
>>
>> On Thu, 17 May 2018, 22:43 valsaraj pv, <valsarajpv at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> Here is the scenario:
>>> Java web application client registers users to local LDAP/DB and sets
>>> roles.
>>> These users are periodically synced to Keycloak. Roles are also synced
>>> once, as they are not changed very often.
>>> So when a user is registered in local LDAP via the application, they are
>>> also reflected in Keycloak, but they can't access the web application
>>> after login via Keycloak.
>>> The new users can access it only after client roles are set manually.
>>> What is the best option to automate this? Is there any API to set client
>>> roles?
>>> If available, we can't write code to set the role in the registration
>>> method, since the users will be synced to Keycloak only on the next sync.
>>> Then the option is a delayed call which first ensures that the user has
>>> reached the Keycloak DB and then sets the role.
>>> Please share your thoughts!
>>>
>>> Thanks!

-- 
Subodh Chandra Joshi
subodh1_joshi82 at yahoo.co.in
http://www.trendsinnews.com
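
The admin-cli approach suggested above, as an added example that is not part of the original thread: a script meant to run after each LDAP/DB sync that grants one client role to every user who does not yet hold it. The realm `demo`, client `webapp`, role `app-user` and the `RUN_SYNC` switch are assumptions; the `kcadm.sh` subcommands are those documented for Keycloak's Admin CLI.

```shell
#!/bin/sh
# Added example: grant a client role to synced users that lack it.
# Assumed names: realm "demo", client "webapp", role "app-user".
# Log in first, e.g.: kcadm.sh config credentials --server <keycloak-url>
#   --realm <realm> --user <admin-user>   (prefer a narrowly scoped account)
KCADM="${KCADM:-kcadm.sh}"
REALM="${REALM:-demo}"
CLIENT_ID="${CLIENT_ID:-webapp}"
ROLE="${ROLE:-app-user}"

# Usernames in the realm, one per line (first 1000 users).
list_usernames() {
  "$KCADM" get users -r "$REALM" --offset 0 --limit 1000 \
    --fields username --format csv --noquotes </dev/null
}

# Succeeds if the user already holds the client role.
# Assumes ROLE contains no regex metacharacters.
has_client_role() {
  "$KCADM" get-roles -r "$REALM" --uusername "$1" --cclientid "$CLIENT_ID" \
    </dev/null | grep -Eq "\"name\"[[:space:]]*:[[:space:]]*\"$ROLE\""
}

# Assign the client role to one user.
grant_client_role() {
  "$KCADM" add-roles -r "$REALM" --uusername "$1" --cclientid "$CLIENT_ID" \
    --rolename "$ROLE" </dev/null
}

# Grant the role to every user missing it; print each username changed.
sync_client_role() {
  list_usernames | while IFS= read -r user; do
    [ -n "$user" ] || continue
    if has_client_role "$user"; then continue; fi
    grant_client_role "$user" && printf '%s\n' "$user"
  done
}

# Run from cron after each LDAP/DB sync: RUN_SYNC=1 sh this-script.sh
if [ "${RUN_SYNC:-0}" = 1 ]; then
  sync_client_role
fi
```

Because the script only adds the role where it is missing, it can run repeatedly, and the usernames it prints serve as a record of who was granted access on each run.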

