[keycloak-user] Configuring Admin Access Control or realm-management client role for LDAP user in keycloak via imported realm.json configuration

kapil joshi kapilkumarjoshi001 at gmail.com
Thu Jan 31 11:58:23 EST 2019


Hi Marek,

Found the solution,

It was the square brackets of the array that were causing this issue. On removal of
the square brackets it worked. We just need to give one role for each mapper.

{
  "name": "administrator",
  "federationMapperType": "hardcoded-ldap-role-mapper",
  "federationProviderDisplayName": "ldap",
  "subComponents": {},
  "config": {
    "role": [
      "realm-management.manage-users"
    ]
  }
}

Solution :
{
  "name": "administrator",
  "federationMapperType": "hardcoded-ldap-role-mapper",
  "federationProviderDisplayName": "ldap",
  "config": {
    "role": "realm-management.manage-users"
  }
}


Thanks
Kapil

On Thu, Jan 31, 2019 at 8:10 PM kapil joshi <kapilkumarjoshi001 at gmail.com>
wrote:

> Hi Marek,
>
> Actually we tried that, but it still doesn't work. Not even the
> "directAccessGrantsEnabled": true value under realm.json.
> We tried importing realm.json with "directAccessGrantsEnabled": true
> under the clients section; it isn't working there either.
> It would be great if someone could guide us on what to do or maybe on what we
> are missing.
>
> Thanks & regards
> Kapil
>
> On Thu, 31 Jan 2019, 17:59 Marek Posolda, <mposolda at redhat.com> wrote:
>
>> I suggest trying the export/import as I already mentioned. I hope this
>> can give you a hint of how the JSON should look.
>>
>> Regards,
>> Marek
>>
>> On 31/01/2019 13:23, kapil joshi wrote:
>>
>>
>> On Thu, 31 Jan 2019, 17:53 kapil joshi, <kapilkumarjoshi001 at gmail.com>
>> wrote:
>>
>>> Hi Marek,
>>>
>>>
>>> Thanks for the reply. Actually we see one ldaprealm.json in the LDAP
>>> integration with keycloak example, but even there we saw entries only for
>>> role-ldap-mapper.
>>>
>>> Can someone in your team provide a sample for hardcoded-ldap-mapper?
>>>
>>> Thanks
>>> Kapil
>>>
>>>
>>> On 31 Jan 2019 17:21, "Marek Posolda" <mposolda at redhat.com> wrote:
>>>
>>> I am not sure about the JSON format off the top of my head. I suggest
>>> creating things manually in the admin console, then exporting to JSON, so you
>>> can see the proper JSON format. See the keycloak documentation for Export/Import
>>> for more details.
>>>
>>> Marek
>>>
>>> On 31/01/2019 07:19, kapil joshi wrote:
>>>
>>> Hi Marek,
>>>
>>> I was trying to import a realm.json which contains the following entry, to
>>> include hardcoded-ldap-mapper in keycloak for the realm-management role
>>> manage-users, but it's failing to import. Can you give us a small example of
>>> such an entry in realm.json which we can follow?
>>>
>>> // snippet of realm.json
>>>
>>>  *          {*
>>> *              "name": "administrator",*
>>>               *"federationMapperType"**: "hardcoded-ldap-role-mapper",*
>>> *"**federationProviderDisplayName"*
>>> * : "ldap", *
>>> *              "subComponents": {},*
>>> *              "config": {*
>>> *                "role": [*
>>> *                  "realm-management.manage-users"*
>>> *                ]*
>>> *              }*
>>> *           }*
>>>
>>>
>>> Thanks
>>> Kapil
>>>
>>> On Tue, Jan 29, 2019 at 2:38 PM kapil joshi <
>>> kapilkumarjoshi001 at gmail.com> wrote:
>>>
>>>> Hi Marek,
>>>>
>>>> First of all, thanks for your response, it works!!! I tried mapping
>>>> a client role (i.e. realm-management roles); a few observations:
>>>> 1) I was not able to save the configuration; I was getting the below attached
>>>> error message.
>>>> [image: image.png]
>>>>
>>>> But then I saw there is already a bug filed on this issue.
>>>> So I applied the workaround, and was able to get the client role added
>>>> for the LDAP imported user.
>>>>
>>>> Thanks again,
>>>> Kapil
>>>>
>>>>
>>>>
>>>> On Tue, Jan 29, 2019 at 1:43 AM Marek Posolda <mposolda at redhat.com>
>>>> wrote:
>>>>
>>>>> Yes, this should be doable with hardcoded-ldap-role-mapper if I
>>>>> understand your use-case correctly (See tab "mappers" in the admin console
>>>>> when you're on the page with the details of LDAP provider).
>>>>>
>>>>> Marek
>>>>>
>>>>> On 28/01/2019 10:24, kapil joshi wrote:
>>>>>
>>>>> Hi All,
>>>>>
>>>>> Can we assign realm-management client roles to users imported from LDAP in
>>>>> Keycloak?
>>>>> Currently we are trying to set up LDAP based user federation by
>>>>> importing a realm.json configured with the LDAP related configuration. I have
>>>>> attached it to this email.
>>>>> Basically the requirement is that when we log in to the client using the LDAP
>>>>> credentials, the user should be able to access the user-management and
>>>>> view-realm client (i.e. access the admin console) from the client side.
>>>>>
>>>>> Thanks
>>>>> Kapil
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>>
>>>>>
>>>
>>>
>>
>>

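An added check, not from the thread or the Keycloak project, that scans the legacy mapper entries of a realm.json for the array-valued "role" shown failing above and lists which realm-management roles a hardcoded-ldap-role-mapper hands to every user federated from that LDAP provider. It assumes the snippets live under the realm's userFederationMappers list; the sample realm below is constructed from the thread's snippets, not a real export.

```python
import json

# Constructed sample modelled on the thread's snippets (not a real export):
# one mapper with the failing array form, one with the working string form.
SAMPLE_REALM_JSON = """
{
  "realm": "demo",
  "userFederationMappers": [
    {
      "name": "administrator",
      "federationMapperType": "hardcoded-ldap-role-mapper",
      "federationProviderDisplayName": "ldap",
      "config": { "role": ["realm-management.manage-users"] }
    },
    {
      "name": "viewer",
      "federationMapperType": "hardcoded-ldap-role-mapper",
      "federationProviderDisplayName": "ldap",
      "config": { "role": "realm-management.view-realm" }
    }
  ]
}
"""

# Client roles under this prefix grant admin-console access; a hardcoded mapper
# assigns them to every user the LDAP provider imports, so they deserve review.
PRIVILEGED_PREFIX = "realm-management."


def lint_ldap_role_mappers(realm):
    """Return (errors, privileged) for hardcoded-ldap-role-mapper entries.

    errors:     (mapper name, type name) where config.role is not a plain string,
                the shape this legacy section rejects on import.
    privileged: (mapper name, role) pairs that hand a realm-management client
                role to every user federated from the LDAP provider.
    """
    errors, privileged = [], []
    for mapper in realm.get("userFederationMappers", []):
        if mapper.get("federationMapperType") != "hardcoded-ldap-role-mapper":
            continue
        name = mapper.get("name", "<unnamed>")
        role = mapper.get("config", {}).get("role")
        if not isinstance(role, str):
            errors.append((name, type(role).__name__))
            continue
        if role.startswith(PRIVILEGED_PREFIX):
            privileged.append((name, role))
    return errors, privileged


def lint_realm_text(text):
    """Parse a realm.json document and lint its hardcoded LDAP role mappers."""
    return lint_ldap_role_mappers(json.loads(text))
```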
