...

  1. Open the Keycloak administration console

  2. Open the “Client Scopes” tab

  3. Click “Create”

  4. Enter the following information:

    1. Name: modelop_client

    2. Description: A ModelOp custom scope used to distinguish between an OAuth2 client and an end-user

    3. Protocol: openid-connect

    4. Display On Consent Screen: OFF

    5. Include in Token Scope: ON

    6. GUI order:

  5. Click “Save”

Defining the Users group claim:

...

Create a user attribute mapper

Info

Please use this type of mapper when there is an LDAP attribute containing the user’s group(s)

To create a user attribute mapper, which specifies which LDAP attribute maps to the attribute of the Keycloak user, please follow these steps:

  1. Open the Keycloak administration console

  2. Open the “User Federation” tab

  3. Select the LDAP provider

  4. Open the “Mappers” tab

  5. Click “Create”

  6. Enter the following information:

    1. Name: modelOpGroups

    2. Mapper Type: user-attribute-ldap-mapper

    3. User Model Attribute: memberOf

    4. LDAP Attribute: <Enter the name of the mapped attribute on LDAP object containing the user’s groups>

    5. Read Only: ON

    6. Always Read Value From LDAP: ON

    7. Is Mandatory in LDAP: OFF

    8. Is Binary Attribute: OFF

  7. Click “Save”

...

  1. Open the “Settings” tab

  2. Click “Synchronize all users”

Create a hardcoded attribute mapper

Info

Please use this type of mapper when there is no LDAP attribute containing the user’s group(s)

To create a hardcoded attribute mapper which adds a hardcoded group value to each Keycloak user linked with LDAP, please follow these steps:

  1. Open the Keycloak administration console

  2. Open the “User Federation” tab

  3. Select the LDAP provider

  4. Open the “Mappers” tab

  5. Click “Create”

  6. Enter the following information:

    1. Name: modelOpGroups

    2. Mapper Type: hardcoded-attribute-mapper

    3. User Model Attribute Name: memberOf

    4. Attribute Value: modelop

  7. Click “Save”
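The two pieces configured above (the modelop_client client scope, and the memberOf user attribute filled by either the LDAP or the hardcoded mapper) are what a ModelOp resource server later uses to tell an OAuth2 client from an end-user. The following added example (not from this page or from ModelOp/Keycloak) shows that check on the consuming side; it assumes the protocol mapper that exposes memberOf names the token claim "memberOf" as well, and that "scope" is the standard space-separated string.

```python
import base64
import json

# Assumptions (not stated on the page): the protocol mapper that exposes the
# "memberOf" user attribute writes it to an access-token claim of the same
# name, and "scope" is the usual space-separated string.
GROUP_CLAIM = "memberOf"
CLIENT_SCOPE = "modelop_client"
REQUIRED_GROUP = "modelop"

def _b64url(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(token: str) -> dict:
    """Parse the payload of a compact JWS. Parsing only: the signature must be
    verified against the realm's JWKS by a JWT library before the claims are used."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url(parts[1]))

def groups_from_claim(value) -> set:
    """Normalise memberOf. The LDAP mapper yields DNs (cn=modelop,ou=...), the
    hardcoded mapper yields the plain value "modelop"; either may arrive as a
    single string or a list. Returns lower-cased group names."""
    values = value if isinstance(value, list) else [value]
    groups = set()
    for v in values:
        rdn = str(v).split(",")[0].strip()          # first RDN, e.g. cn=modelop
        name = rdn.split("=", 1)[1] if "=" in rdn else rdn
        groups.add(name.strip().lower())
    return groups

def classify_caller(claims: dict) -> str:
    """'client' if the token carries the modelop_client scope, 'user' if the
    group claim holds the modelop group, otherwise 'denied'."""
    scopes = set(str(claims.get("scope", "")).split())
    if CLIENT_SCOPE in scopes:
        return "client"
    if REQUIRED_GROUP in groups_from_claim(claims.get(GROUP_CLAIM, [])):
        return "user"
    return "denied"

def demo_token(claims: dict) -> str:
    """Constructed sample only: an unsigned token shaped like a compact JWS."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"
```

A token from the LDAP path carries group DNs while the hardcoded path carries the bare value, so the normalisation in groups_from_claim is what lets one check serve both mapper types.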

...