[keycloak-user] Federation of Roles, Groups and Realms
Pedro Igor Silva
psilva at redhat.com
Wed Aug 7 09:14:07 EDT 2019
Hi,
Providers are configured per-realm. For roles and groups, you could have a
look at (if not already)
https://www.keycloak.org/docs/6.0/server_development/#augmenting-external-storage
.
You could return an AbstractUserAdapterFederatedStorage from your provider
and override some methods so that roles and group information is fetched
from your database.
Regards.
Pedro Igor
On Tue, Aug 6, 2019 at 1:09 PM Simon Levermann <simon at slevermann.de> wrote:
> Hello,
>
> we have a user database in form of a license server, which we would like
> to use as a source of data for a Keycloak server. I've been able to find
> plenty of resources on how to map the *users* into Keycloak via SPI, but
> I haven't been able to find much on Roles, Groups and Realms. Are any
> (or all) of the three possible to achieve, or do we have to manage these
> manually?
>
> The problem is that we would like to have some logical separation of
> users into a realm (or a group) per customer, as well as mapping roles
> onto licenses for different products. Our current stab at a solution is
> an external synchronization service which periodically performs updates
> via the Keycloak Admin API, but if possible, we would like to get rid of
> this service and perform all the mappings inside Keycloak.
>
> Best regards,
>
> Simon Levermann
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list