Page Comparison

...

1. Open the Keycloak administration console

2. Open the “Client Scopes” tab

3. Click “Create”

4. Enter the following information:

   1. Name: modelop_client

   2. Description: A ModelOp custom scope used to distinguish between an OAuth2 client and an end-user

   3. Protocol: openid-connect

   4. Display On Consent Screen: OFF

   5. Include in Token Scope: ON

   6. GUI order:

5. Click “Save”

Defining Users group claim:

• Use: https://modelopdocs.atlassian.net/wiki/spaces/dv32/pages/1770651659/Keycloak+How-to#Create-a-group-mapper If imported users contain already a field to be used as the ModelOp Center group.

• Use: https://modelopdocs.atlassian.net/wiki/spaces/dv32/pages/1770651659/Keycloak+How-to#Create-a-group-mapper-with-a-hardcoded-value if imported users are missing the field to be used as ModelOp Center group.

Create a group mapper

1. Open the Keycloak administration console

2. Open the “User Federation” tab

3. Select the LDAP provider

4. Open the “Mappers” tab

5. Click “Create”

6. Enter the following information:

   1. Name: modelOpGroups

   2. Mapper Type: user-attribute-ldap-mapper

   3. User Model Attribute: memberOf

   4. LDAP Attribute: <Enter the name of the mapped attribute on LDAP object containing the user’s groups>

   5. Read Only: ON

   6. Always Read Value From LDAP: ON

   7. Is Mandatory in LDAP: OFF

   8. Is Binary Attribute: OFF

7. Click “Save”

...