[keycloak-user] Set client roles to registered users automatically once synced from source LDAP/DB

Marek Posolda mposolda at redhat.com
Tue May 22 03:04:26 EDT 2018


That's strange. The role-ldap-mapper should ensure that roles from LDAP 
are available in Keycloak and also that they are assigned to users in 
Keycloak. So Keycloak should be able to see the role mappings based on 
the role mappings in LDAP. It's just a matter of correct configuration. 
You can take a look at the "keycloak-examples" distribution and the example 
"ldap" to see how to configure things.

Marek

On 18/05/18 10:11, valsaraj pv wrote:
> Yes, 'role-ldap-mapper' created & those roles appeared in the Keycloak client
> set in the mapper. But these roles were not assigned to users. For that I need to
> open the user from the admin console & select the client and set client roles. I am
> checking how to automate this.
>
> On Fri, May 18, 2018 at 1:34 PM, Raphaël HOAREAU <raphoa at worteks.com> wrote:
>
>> Can't you just create 'role-ldap-mapper' in your ldap user federation so
>> it reflects your ldap roles to keycloak realm or client roles?
>>
>> Assuming that roles in your local LDAP are the same (name) as the ones
>> you use in keycloak.
>>
>>
>> On 18/05/2018 at 08:32, valsaraj pv wrote:
>>> Got this sample:
>>> https://gist.github.com/thomasdarimont/c4e739c5a319cf78a4cff3b87173a84b
>>>
>>> On Fri, May 18, 2018 at 10:39 AM, Subodh Joshi <subodhcjoshi82 at gmail.com>
>>> wrote:
>>>
>>>> You have to write a script to run admin-cli commands
>>>> https://www.keycloak.org/docs/3.3/server_admin/topics/admin-cli.html
>>>>
>>>> On Fri, May 18, 2018 at 8:50 AM valsaraj pv <valsarajpv at gmail.com>
>>>> wrote:
>>>>> Do you have any links that will be helpful?
>>>>>
>>>>> On Fri 18 May, 2018, 7:17 AM Subodh Joshi, <subodhcjoshi82 at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> I think admin-cli will help you regarding this but the issue is that the
>>>>>> documentation is not that good.
>>>>>>
>>>>>> On Thu, 17 May 2018, 22:43 valsaraj pv, <valsarajpv at gmail.com> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Here is the scenario:
>>>>>>> Java web application client registers users to local LDAP/DB and sets
>>>>>>> roles.
>>>>>>> These users are periodically synced to Keycloak. Roles are also synced
>>>>>>> once as they are not changed often.
>>>>>>> So when a user is registered in local LDAP via the application, they are
>>>>>>> also reflected in Keycloak, but they can't access the web application
>>>>>>> after login via Keycloak.
>>>>>>> The new users can access only after setting client roles manually.
>>>>>>> What is the best option to automate this? Is there any API to set
>>>>>>> client roles?
>>>>>>> If available, we can't write code to set the role in the registration
>>>>>>> method since the users will be synced to Keycloak only on the next sync.
>>>>>>> Then the option is a delayed call which first ensures that the user
>>>>>>> reached the Keycloak DB and then sets the role.
>>>>>>> Please share your thoughts!
>>>>>>>
>>>>>>> Thanks!
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user at lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>> --
>>>> Subodh Chandra Joshi
>>>> subodh1_joshi82 at yahoo.co.in
>>>> http://www.trendsinnews.com
>>>>
>>>
>> --
>> Raphaël HOAREAU | Support & Hosting Solutions Manager
>>
>> raphael.hoareau at worteks.com
>> +33 7 72 37 59 82
>>
>> Worteks | https://www.worteks.com
>>
>>
>
>
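For the fallback the original poster describes (a delayed call that waits until the synced user exists in Keycloak and then sets the client role), here is an added example against the Keycloak Admin REST API; it is not code from this thread or from the Keycloak project. It assumes a base URL such as https://sso.example.com/auth (Keycloak 3.x/4.x layout), a realm name, an admin bearer token obtained separately (ideally a service account limited to manage-users on that realm), and a client role that already exists.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

def urllib_http(method, url, token=None, params=None, body=None):
    """Minimal JSON transport over stdlib; returns (status, decoded body)."""
    if params:
        url += "?" + urllib.parse.urlencode(params)
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Content-Type", "application/json")
    if token:
        req.add_header("Authorization", "Bearer " + token)
    try:
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else None)
    except urllib.error.HTTPError as err:
        return err.code, None

def wait_for_user(http, base, realm, token, username, attempts=10, delay=5.0):
    """Poll GET /admin/realms/{realm}/users until the LDAP sync has created
    the user; the search is a substring match, so require an exact username."""
    url = f"{base}/admin/realms/{realm}/users"
    for _ in range(attempts):
        _, users = http("GET", url, token, params={"username": username})
        for user in users or []:
            if user.get("username") == username:
                return user
        time.sleep(delay)
    return None  # user has not reached the Keycloak DB yet

def assign_client_role(http, base, realm, token, user, client_id, role_name):
    """Look up the client's internal id and the role representation, then
    POST the mapping only if the user does not already hold the role."""
    adm = f"{base}/admin/realms/{realm}"
    _, clients = http("GET", f"{adm}/clients", token, params={"clientId": client_id})
    cid = clients[0]["id"]
    _, role = http("GET", f"{adm}/clients/{cid}/roles/{role_name}", token)
    mapping = f"{adm}/users/{user['id']}/role-mappings/clients/{cid}"
    _, current = http("GET", mapping, token)
    if any(r.get("name") == role_name for r in current or []):
        return "already-assigned"  # idempotent: re-running the job is safe
    status, _ = http("POST", mapping, token, body=[role])
    return "assigned" if status == 204 else f"failed:{status}"
```

Call `wait_for_user(urllib_http, base, realm, token, "alice")` from the registration job and pass the result to `assign_client_role`; the `http` parameter is injected so the logic can be exercised against a fake transport without a running server.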


