Keycloak 12.0.2: How-to

Owned by Dave Trier
Last updated: Jul 16, 2024 by Blagica
2 min read

The instructions were generated by following the Administration Console view in version Keycloak 12.0.2. Please refer to Keycloak: How-to for steps using version 20.0.1.

Create a custom scope

  1. Open the Keycloak administration console

  2. Open the “Client Scopes” tab

  3. Click “Create”

  4. Enter the following information:

    1. Name: modelop_client

    2. Description: A ModelOp custom scope used to distinguish between an OAuth2 client and an end-user

    3. Protocol: openid-connect

    4. Display On Consent Screen: OFF

    5. Include in Token Scope: ON

    6. GUI order:

  5. Click “Save”

Create a user attribute mapper

Please use this type of mapper when there is an LDAP attribute containing the user’s group(s)

To create a user attribute mapper which specifies which LDAP attribute maps to the attribute of the Keycloak user, please follow these steps:

  1. Open the Keycloak administration console

  2. Open the “User Federation” tab

  3. Select the LDAP provider

  4. Open the “Mappers” tab

  5. Click “Create”

  6. Enter the following information:

    1. Name: modelOpGroups

    2. Mapper Type: user-attribute-ldap-mapper

    3. User Model Attribute: memberOf

    4. LDAP Attribute: <Enter the name of the mapped attribute on LDAP object containing the user’s groups>

    5. Read Only: ON

    6. Always Read Value From LDAP: ON

    7. Is Mandatory in LDAP: OFF

    8. Is Binary Attribute: OFF

  7. Click “Save”

Once the group mapper is defined, it needs to be applied to all users by following these steps, starting with “Step 3. Select the LDAP provider” listed above:

  1. Open the “Settings” tab

  2. Click “Synchronize all users”

Create a hardcoded attribute mapper

Please use this type of mapper when there is no LDAP attribute containing the user’s group(s)

To create a hardcoded attribute mapper which adds a hardcoded group value to each Keycloak user linked with LDAP, please follow these steps:

  1. Open the Keycloak administration console

  2. Open the “User Federation” tab

  3. Select the LDAP provider

  4. Open the “Mappers” tab

  5. Click “Create”

  6. Enter the following information:

    1. Name: modelOpGroups

    2. Mapper Type: hardcoded-attribute-mapper

    3. User Model Attribute Name: memberOf

    4. Attribute Value: modelop

  7. Click “Save”

Official Keycloak Resources

The following links from the official Keycloak documentation are excellent resources that cover the topics and settings required for ModelOp Center: