[keycloak-user] Configuring Admin Access Control or realm-management client role for LDAP user in keycloak via imported realm.json configuration

kapil joshi kapilkumarjoshi001 at gmail.com
Thu Jan 31 09:40:09 EST 2019


Hi Marek,

Actually we tried that, but it still doesn't work. Not even the
"directAccessGrantsEnabled": true value under realm.json.
We tried importing realm.json with the "directAccessGrantsEnabled": true value
under the clients section; it isn't working there either.
It would be great if someone could guide us on what to do or maybe what we are
missing.

Thanks & regards
Kapil

On Thu, 31 Jan 2019, 17:59 Marek Posolda, <mposolda at redhat.com> wrote:

> I suggest trying the export/import as I mentioned already. I hope this can
> give you a hint of what the JSON should look like.
>
> Regards,
> Marek
>
> On 31/01/2019 13:23, kapil joshi wrote:
>
>
> On Thu, 31 Jan 2019, 17:53 kapil joshi, <kapilkumarjoshi001 at gmail.com>
> wrote:
>
>> Hi Marek,
>>
>>
>> Thanks for the reply, actually we see one ldaprealm.json in the LDAP
>> integration with keycloak example. But even there we saw entries only for
>> role-ldap-mapper.
>>
>> Can someone in your team provide a sample for hardcoded-ldap-mapper?
>>
>> Thanks
>> Kapil
>>
>>
>> On 31 Jan 2019 17:21, "Marek Posolda" <mposolda at redhat.com> wrote:
>>
>> I am not sure about the JSON format off the top of my head. I suggest
>> creating things manually in the admin console, then exporting it to JSON, so
>> you can see the proper JSON format. See the Keycloak documentation for
>> Export/Import for more details.
>>
>> Marek
>>
>> On 31/01/2019 07:19, kapil joshi wrote:
>>
>> Hi Marek,
>>
>> I was trying to import realm.json which contains the following entry, to
>> include hardcoded-ldap-mapper in keycloak, for the realm-management role of
>> manage-users, but it's failing to import. Can you give us a small example of
>> such an entry in realm.json which we can follow?
>>
>> // snippet of realm.json
>>
>>           {
>>               "name": "administrator",
>>               "federationMapperType": "hardcoded-ldap-role-mapper",
>>               "federationProviderDisplayName": "ldap",
>>               "subComponents": {},
>>               "config": {
>>                 "role": [
>>                   "realm-management.manage-users"
>>                 ]
>>               }
>>            }
>>
>>
>> Thanks
>> Kapil
>>
>> On Tue, Jan 29, 2019 at 2:38 PM kapil joshi <kapilkumarjoshi001 at gmail.com>
>> wrote:
>>
>>> Hi Marek,
>>>
>>> First of all, thanks for your response, it works!!! I tried mapping a
>>> client role (i.e. realm-management roles). A few observations:
>>> 1) I was not able to save the configuration; I was getting the error
>>> message attached below.
>>> [image: image.png]
>>>
>>> But then I saw there is already a bug filed on this issue.
>>> So I applied the workaround, and was able to get the client role added
>>> for the LDAP imported user.
>>>
>>> Thanks again,
>>> Kapil
>>>
>>>
>>>
>>> On Tue, Jan 29, 2019 at 1:43 AM Marek Posolda <mposolda at redhat.com>
>>> wrote:
>>>
>>>> Yes, this should be doable with hardcoded-ldap-role-mapper if I
>>>> understand your use-case correctly (See tab "mappers" in the admin console
>>>> when you're on the page with the details of LDAP provider).
>>>>
>>>> Marek
>>>>
>>>> On 28/01/2019 10:24, kapil joshi wrote:
>>>>
>>>> Hi All,
>>>>
>>>> Can we assign realm-management client roles for users imported from LDAP in
>>>> Keycloak?
>>>> Currently we are trying to set up LDAP based user federation by
>>>> importing a realm.json, configured with LDAP related configuration. I have
>>>> attached it to this email.
>>>> Basically the requirement is that when we log in to the client using the LDAP
>>>> credentials, the user should be able to access the user-management and
>>>> view-realm client (i.e. accessing the admin console) from the client side.
>>>>
>>>> Thanks
>>>> Kapil
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>>
>>>>
>>
>>
>

