Versions Compared

Old Version 1

changes.mady.by.user Dave Trier

Saved on

compared with

New Version Current

changes.mady.by.user Blagica

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note

The instructions were generated by following the Administration Console view in version Keycloak 12.0.2. Please refer to Keycloak 20.0.1: How-to for steps using version 20.0.1.

Create a custom scope

  1. Open the Keycloak administration console

  2. Open the “Client Scopes” tab

  3. Click “Create”

  4. Enter the following information:

    1. Name: modelop_client

    2. Description: A ModelOp custom scope used to distinguish between an OAuth2 client and an end-user

    3. Protocol: openid-connect

    4. Display On Consent Screen: OFF

    5. Include in Token Scope: ON

    6. GUI order:

  5. Click “Save”

Create a user attribute mapper

Info

Please use this type of mapper when there is an LDAP attribute containing the user’s group(s)

...

  1. Open the “Settings” tab

  2. Click “Synchronize all users”

Create a hardcoded attribute mapper

Info

Please use this type of mapper when there is no LDAP attribute containing the user’s group(s)

...

  1. Open the Keycloak administration console

  2. Open the “User Federation” tab

  3. Select the LDAP provider

  4. Open the “Mappers” tab

  5. Click “Create”

  6. Enter the following information:

    1. Name: modelOpGroups

    2. Mapper Type: hardcoded-attribute-mapper

    3. User Model Attribute Name: memberOf

    4. Attribute Value: modelop

  7. Click “Save”

...

Official Keycloak Resources

The following links from the official Keycloak documentation are excellent resources that cover the topics and settings required for ModelOp Center:

...