A.Hall

Reputation: 165

Keycloak role mapping

I have a Spring Boot application secured with Keycloak. Each user in the realm has roles for my resource (client). Roles are configured in the Users tab, for a particular user under the Role Mapping tab as Client Roles:


I also use an integration with LDAP Active Directory, from which all the users come. Now, if I want to add a specific role for an Active Directory (AD) group, I have to go to Active Directory, get all users for the particular group and add the desired role via the Keycloak API in a separate application, which is extremely bad logic.

In a previous version of Keycloak (5.0.1) there was a JavaScript Script Mapper that could get Active Directory groups and map them into roles for a particular client. The latest version, 8.0.1, has no such mapper.

I wonder whether there is any mapper or other ability in the latest version of Keycloak to map AD groups to resource roles, so that I could say that group_name has role user for client_name, and role user appears in the Keycloak token under the resource_access.client_name.roles list.


Upvotes: 4

Views: 22478

Answers (1)

Victor

Reputation: 46

You can achieve what you want by following these steps:

  1. Go to "Groups" on the left menu
  2. Select the group
  3. Using the "Role Mappings" tab, choose which client role should be assigned to members of that group.

Upvotes: 3
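Once the group-level mapping is in place, members of that group get the client role in their access token under resource_access.client_name.roles, which is what the Spring Boot resource server reads. As an added example that is not part of the question or answer, this Python snippet decodes the claim segment of such a token and extracts that list for a given client, treating a missing entry as "no roles" rather than an error; the claim values, user name and signature are constructed, and signature verification against the realm keys is assumed to happen elsewhere in the resource server.

```python
import base64
import json

def _b64url_decode(segment: str) -> bytes:
    """JWT segments are unpadded base64url; restore padding before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def jwt_claims(token: str) -> dict:
    """Return the claim set of a compact JWS (header.payload.signature).
    Only the payload is read here; the resource server must verify the
    signature against the realm's keys before trusting any claim."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))

def client_roles(claims: dict, client_id: str) -> list:
    """Roles granted for one client: resource_access.<client_id>.roles.
    A missing resource_access, client or roles entry yields [] so that a
    token carrying no client roles is simply unauthorized, not a crash."""
    clients = claims.get("resource_access") or {}
    return list((clients.get(client_id) or {}).get("roles") or [])

def has_client_role(claims: dict, client_id: str, role: str) -> bool:
    return role in client_roles(claims, client_id)

# Constructed claim set shaped like a Keycloak access token after a member of
# group_name received the client role "user" on client_name via the group.
SAMPLE_CLAIMS = {
    "preferred_username": "alice",  # assumed AD user, constructed
    "realm_access": {"roles": ["offline_access"]},
    "resource_access": {"client_name": {"roles": ["user"]}},
}

def build_unsigned_sample_token(claims: dict = SAMPLE_CLAIMS) -> str:
    """Assemble header.payload.signature for the sample; the signature is a
    placeholder because no realm signing key is available offline."""
    header = {"alg": "RS256", "typ": "JWT"}
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    return ".".join([
        _b64url_encode(compact(header)),
        _b64url_encode(compact(claims)),
        _b64url_encode(b"placeholder-signature"),
    ])
```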
