[keycloak-user] Federation of Roles, Groups and Realms
Simon Levermann
simon at slevermann.de
Tue Aug 6 09:56:54 EDT 2019
Hello,
we have a user database in form of a license server, which we would like
to use as a source of data for a Keycloak server. I've been able to find
plenty of resources on how to map the *users* into Keycloak via SPI, but
I haven't been able to find much on Roles, Groups and Realms. Are any
(or all) of the three possible to achieve, or do we have to manage these
manually?
The problem is that we would like to have some logical separation of
users into a realm (or a group) per customer, as well as mapping roles
onto licenses for different products. Our current stab at a solution is
an external synchronization service which periodically performs updates
via the Keycloak Admin API, but if possible, we would like to get rid of
this service and perform all the mappings inside Keycloak.
Best regards,
Simon Levermann
More information about the keycloak-user
mailing list