[keycloak-user] Configuring Admin Access Control or realm-management client role for LDAP user in keycloak via imported realm.json configuration
Marek Posolda
mposolda at redhat.com
Thu Jan 31 07:29:37 EST 2019
I suggest trying the export/import as I mentioned already. I hope this
can give you a hint of how the JSON should look.
Regards,
Marek
On 31/01/2019 13:23, kapil joshi wrote:
>
> On Thu, 31 Jan 2019, 17:53 kapil joshi, <kapilkumarjoshi001 at gmail.com> wrote:
>
> Hi Marek,
>
>
> Thanks for the reply, actually we see one ldaprealm.json in the
> LDAP integration with keycloak example. But even there we saw
> entries only for role-ldap-mapper.
>
> Can someone in your team provide a sample for hardcoded-ldap-mapper?
>
> Thanks
> Kapil
>
>
> On 31 Jan 2019 17:21, "Marek Posolda" <mposolda at redhat.com> wrote:
>
> I am not sure about the JSON format off the top of my head. I
> suggest creating things manually in the admin console, then
> exporting it to JSON, so you can see the proper JSON format. See
> the Keycloak documentation for Export/Import for more details.
>
> Marek
>
> On 31/01/2019 07:19, kapil joshi wrote:
>> Hi Marek,
>>
>> I was trying to import realm.json which contains the following
>> entry, to include hardcoded-ldap-mapper in keycloak, for the
>> realm-management role of manage-users, but it's failing to
>> import. Can you give us a small example of such an entry in
>> realm.json which we can follow?
>>
>> // snippet of realm.json
>>
>> {
>>   "name": "administrator",
>>   "federationMapperType": "hardcoded-ldap-role-mapper",
>>   "federationProviderDisplayName": "ldap",
>>   "subComponents": {},
>>   "config": {
>>     "role": [
>>       "realm-management.manage-users"
>>     ]
>>   }
>> }
>>
>> Thanks
>> Kapil
>>
>> On Tue, Jan 29, 2019 at 2:38 PM kapil joshi
>> <kapilkumarjoshi001 at gmail.com> wrote:
>>
>> Hi Marek,
>>
>> First of all, thanks for your response, it works!!! I
>> tried mapping a client role (i.e. realm-management roles).
>> A few observations:
>> 1) I was not able to save the configuration and was getting
>> the error message attached below.
>> image.png
>>
>> But then I saw there is already a bug filed on this issue.
>> So I applied the workaround, and was able to get the
>> client role added for the LDAP imported user.
>>
>> Thanks again,
>> Kapil
>>
>>
>>
>> On Tue, Jan 29, 2019 at 1:43 AM Marek Posolda
>> <mposolda at redhat.com> wrote:
>>
>> Yes, this should be doable with
>> hardcoded-ldap-role-mapper if I understand your
>> use-case correctly (See tab "mappers" in the admin
>> console when you're on the page with the details of
>> LDAP provider).
>>
>> Marek
>>
>> On 28/01/2019 10:24, kapil joshi wrote:
>>> Hi All,
>>>
>>> Can we assign realm-management client roles for users imported from LDAP in
>>> Keycloak?
>>> Currently we are trying to set up LDAP based user federation by
>>> importing a realm.json, configured with LDAP related configuration. I have
>>> attached it to this email.
>>> Basically the requirement is that when we log in to the client using the LDAP
>>> credentials, the user should be able to access the user-management and
>>> view-realm client (i.e. accessing the admin console) from the client side.
>>>
>>> Thanks
>>> Kapil
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>
>
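An added example, not part of the thread and not Keycloak's own code: a check over an exported realm JSON that lists every hardcoded-ldap-role-mapper and the role it grants, flagging realm-management client roles, because this mapper type assigns its role to every user imported from that LDAP provider. The sample export is constructed, and its component layout is an assumption to compare against your own export.

```python
import json

# Constructed sample: a trimmed realm export. The nested "components" /
# "subComponents" layout is an assumption; verify it against a real export.
SAMPLE_EXPORT = json.loads("""
{
  "realm": "demo",
  "components": {
    "org.keycloak.storage.UserStorageProvider": [
      {
        "name": "ldap",
        "providerId": "ldap",
        "subComponents": {
          "org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [
            {"name": "administrator",
             "providerId": "hardcoded-ldap-role-mapper",
             "subComponents": {},
             "config": {"role": ["realm-management.manage-users"]}},
            {"name": "realm roles",
             "providerId": "role-ldap-mapper",
             "subComponents": {},
             "config": {"mode": ["READ_ONLY"]}}
          ]
        },
        "config": {"editMode": ["READ_ONLY"]}
      }
    ]
  }
}
""")

MAPPER_TYPE = "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"

def hardcoded_role_grants(realm):
    """Return (provider, mapper, role, is_admin_role) per hardcoded LDAP role mapper."""
    findings = []
    def walk(components, parent):
        for ptype, entries in (components or {}).items():
            for comp in entries:
                if ptype == MAPPER_TYPE and comp.get("providerId") == "hardcoded-ldap-role-mapper":
                    for role in comp.get("config", {}).get("role", []):
                        # Client roles are written as "clientId.roleName".
                        findings.append((parent, comp.get("name"), role,
                                         role.startswith("realm-management.")))
                walk(comp.get("subComponents"), comp.get("name"))
    walk(realm.get("components"), None)
    return findings

if __name__ == "__main__":
    for provider, mapper, role, admin in hardcoded_role_grants(SAMPLE_EXPORT):
        print(f"{provider}/{mapper}: every imported user gets {role}"
              f" [{'ADMIN ROLE' if admin else 'role'}]")
```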