[keycloak-user] Set client roles to registered users automatically once synced from source LDAP/DB

valsaraj pv valsarajpv at gmail.com
Fri May 18 04:11:31 EDT 2018


Yes, 'role-ldap-mapper' created & those roles appeared in the Keycloak client
set in mapper. But these roles were not assigned to users. For that, I need to
open the user from the admin console & select the client and set client roles. I am
checking how to automate this.

On Fri, May 18, 2018 at 1:34 PM, Raphaël HOAREAU <raphoa at worteks.com> wrote:

> Can't you just create 'role-ldap-mapper' in your ldap user federation so
> it reflects your ldap roles to keycloak realm or client roles?
>
> Assuming that roles in your local LDAP are the same (name) as the ones
> you use in keycloak.
>
>
> On 18/05/2018 at 08:32, valsaraj pv wrote:
> > Got this sample:
> > https://gist.github.com/thomasdarimont/c4e739c5a319cf78a4cff3b87173a84b
> >
> > On Fri, May 18, 2018 at 10:39 AM, Subodh Joshi <subodhcjoshi82 at gmail.com> wrote:
> >
> >> You have to write a script to run admin-cli commands
> >> https://www.keycloak.org/docs/3.3/server_admin/topics/admin-cli.html
> >>
> >> On Fri, May 18, 2018 at 8:50 AM valsaraj pv <valsarajpv at gmail.com> wrote:
> >>
> >>> Do you have any links that will be helpful?
> >>>
> >>> On Fri 18 May, 2018, 7:17 AM Subodh Joshi, <subodhcjoshi82 at gmail.com>
> >>> wrote:
> >>>
> >>>> I think admin-cli will help you regarding this, but the issue is that the
> >>>> documentation is not that good.
> >>>>
> >>>> On Thu, 17 May 2018, 22:43 valsaraj pv, <valsarajpv at gmail.com> wrote:
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>> Here is the scenario:
> >>>>> Java web application client registers users to local LDAP/DB and sets
> >>>>> roles.
> >>>>> These users are periodically synced to Keycloak. Roles are also synced
> >>>>> once, as they are not changed often.
> >>>>> So when a user is registered in local LDAP via the application, they are
> >>>>> also reflected in Keycloak, but they can't access the web application
> >>>>> after login via Keycloak.
> >>>>> The new users can access only after setting client roles manually.
> >>>>> What is the best option to automate this? Is there any API to set
> >>>>> client roles?
> >>>>> If available, we can't write code to set the role in the registration
> >>>>> method since the users will be synced to Keycloak only on the next sync.
> >>>>> Then the option is a delayed call which first ensures that the user
> >>>>> reached Keycloak DB and then sets the role.
> >>>>> Please share your thoughts!
> >>>>>
> >>>>> Thanks!
> >>>>> _______________________________________________
> >>>>> keycloak-user mailing list
> >>>>> keycloak-user at lists.jboss.org
> >>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>>
> >> --
> >> Subodh Chandra Joshi
> >> subodh1_joshi82 at yahoo.co.in
> >> http://www.trendsinnews.com
> >>
> >
> >
> --
> Raphaël HOAREAU | Support & Hosting Solutions Manager
>
> raphael.hoareau at worteks.com
> +33 7 72 37 59 82
>
> Worteks | https://www.worteks.com
>
>



-- 
Life is like this: "Just when we get all the answers of life.... God
changes the question paper....

Valsaraj Viswanathan
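
An added example, not code from any poster in this thread or from the Keycloak project: one way to do the "delayed call" discussed above against the Keycloak Admin REST API, polling until the synced user exists and then mapping exactly one client role. The base URL, realm, client and role names passed in are the caller's own, and the bearer token is assumed to belong to an account permitted to manage users in that realm and nothing broader.

```python
import json
import time
import urllib.request
from urllib.parse import quote, urlencode


def http_json(method, url, token, body=None):
    """Send one JSON request to the Admin REST API with a bearer token."""
    data = None if body is None else json.dumps(body).encode()
    headers = {"Authorization": "Bearer " + token,
               "Content-Type": "application/json"}
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def assign_client_role(base, realm, token, username, client_id, role_name,
                       call=http_json, attempts=5, delay=60, sleep=time.sleep):
    """Wait for a synced user to exist in Keycloak, then map one client role.

    Returns True once the role is mapped, False if the user never appeared.
    """
    admin = "%s/admin/realms/%s" % (base.rstrip("/"), quote(realm, safe=""))
    user = None
    for attempt in range(attempts):
        hits = call("GET", admin + "/users?" + urlencode({"username": username}), token)
        # The username search can return partial matches; accept only an exact one.
        user = next((u for u in hits or []
                     if u["username"].lower() == username.lower()), None)
        if user is not None:
            break
        if attempt < attempts - 1:
            sleep(delay)  # not imported yet: wait for the next LDAP/DB sync
    if user is None:
        return False
    clients = call("GET", admin + "/clients?" + urlencode({"clientId": client_id}), token)
    if not clients:
        raise LookupError("no client with clientId %r" % client_id)
    client_uuid = clients[0]["id"]  # role mappings use the internal id, not clientId
    role = call("GET", "%s/clients/%s/roles/%s"
                % (admin, client_uuid, quote(role_name, safe="")), token)
    # Map only the requested role; the body is a list of role representations.
    call("POST", "%s/users/%s/role-mappings/clients/%s"
         % (admin, user["id"], client_uuid), token,
         [{"id": role["id"], "name": role["name"]}])
    return True
```

The `call`, `delay` and `sleep` parameters are hypothetical hooks of this example so the retry loop can be exercised without a live server.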

