Create a custom scope

  1. Open the Keycloak administration console

  2. Open the “Client Scopes” tab

  3. Click “Create”

  4. Enter the following information:

    1. Name: modelop_client

    2. Description: A ModelOp custom scope used to distinguish between an OAuth2 client and an end-user

    3. Protocol: openid-connect

    4. Display On Consent Screen: OFF

    5. Include in Token Scope: ON

    6. GUI order:

  5. Click “Save”

Create a group mapper

  1. Open the Keycloak administration console

  2. Open the “User Federation” tab

  3. Select the LDAP provider

  4. Open the “Mappers” tab

  5. Click “Create”

  6. Enter the following information:

    1. Name: modelOpGroups

    2. Mapper Type: user-attribute-ldap-mapper

    3. User Model Attribute: memberOf

    4. LDAP Attribute: <Enter the name of the mapped attribute on LDAP object containing the user’s groups>

    5. Read Only: ON

    6. Always Read Value From LDAP: ON

    7. Is Mandatory in LDAP: OFF

    8. Is Binary Attribute: OFF

  7. Click “Save”

Once the group mapper is saved, it has to be applied to the users Keycloak has already imported from LDAP. Go back to the LDAP provider (step 3 above), then:

  1. Open the “Settings” tab

  2. Click “Synchronize all users”

Create a group mapper with a hardcoded value

Use this variant when the group value should not be read from LDAP: the hardcoded-attribute-mapper writes a fixed value into the memberOf attribute of every federated user. Because it sets the same user attribute under the same mapper name as the LDAP group mapper above, it is an alternative to that mapper rather than an addition to it.

  1. Open the Keycloak administration console

  2. Open the “User Federation” tab

  3. Select the LDAP provider

  4. Open the “Mappers” tab

  5. Click “Create”

  6. Enter the following information:

    1. Name: modelOpGroups

    2. Mapper Type: hardcoded-attribute-mapper

    3. User Model Attribute Name: memberOf

    4. Attribute Value: modelop

  7. Click “Save”
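The three procedures above (client scope, LDAP group mapper plus full sync, and the hardcoded alternative), performed through the Keycloak Admin REST API instead of the console. This is an added example, not part of the original page or of ModelOp's own tooling. It assumes an admin user in the master realm, the environment variables KEYCLOAK_URL, KEYCLOAK_REALM, KEYCLOAK_ADMIN, KEYCLOAK_ADMIN_PASSWORD and LDAP_GROUP_ATTRIBUTE (the attribute name the page leaves as a placeholder), and a realm with one LDAP user-federation provider. The representation keys are the server-side names of the console fields listed above.

```python
"""Create the ModelOp client scope and LDAP group mappers via the Keycloak Admin REST API.

Added example, not part of the original page. Assumptions: admin credentials,
realm name, Keycloak base URL and the LDAP group attribute come from
environment variables, and no mapper named modelOpGroups exists yet.
"""
import json
import os
import urllib.parse
import urllib.request

LDAP_MAPPER_TYPE = "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"


def client_scope_representation():
    """ClientScopeRepresentation matching the 'Create a custom scope' steps."""
    return {
        "name": "modelop_client",
        "description": "A ModelOp custom scope used to distinguish between "
                       "an OAuth2 client and an end-user",
        "protocol": "openid-connect",
        "attributes": {
            "display.on.consent.screen": "false",   # Display On Consent Screen: OFF
            "include.in.token.scope": "true",       # Include in Token Scope: ON
        },
    }


def ldap_group_mapper(parent_id, ldap_attribute):
    """ComponentRepresentation for the user-attribute-ldap-mapper named modelOpGroups."""
    return {
        "name": "modelOpGroups",
        "providerId": "user-attribute-ldap-mapper",
        "providerType": LDAP_MAPPER_TYPE,
        "parentId": parent_id,                      # id of the LDAP user-federation provider
        "config": {
            "user.model.attribute": ["memberOf"],
            "ldap.attribute": [ldap_attribute],     # the placeholder value from the page
            "read.only": ["true"],
            "always.read.value.from.ldap": ["true"],
            "is.mandatory.in.ldap": ["false"],
            "is.binary.attribute": ["false"],
        },
    }


def hardcoded_group_mapper(parent_id, value="modelop"):
    """ComponentRepresentation for the hardcoded-attribute-mapper alternative."""
    return {
        "name": "modelOpGroups",
        "providerId": "hardcoded-attribute-mapper",
        "providerType": LDAP_MAPPER_TYPE,
        "parentId": parent_id,
        "config": {
            "user.model.attribute": ["memberOf"],
            "attribute.value": [value],
        },
    }


def admin_token(base, user, password):
    """Password grant against the master realm's admin-cli client (Keycloak default)."""
    body = urllib.parse.urlencode({"grant_type": "password", "client_id": "admin-cli",
                                   "username": user, "password": password}).encode()
    req = urllib.request.Request(f"{base}/realms/master/protocol/openid-connect/token", data=body)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def call(base, token, method, path, payload=None):
    """Send one authenticated admin request; returns (status, Location header)."""
    data = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(f"{base}/admin/realms{path}", data=data, method=method,
                                 headers={"Authorization": f"Bearer {token}",
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.status, resp.headers.get("Location")


def find_ldap_provider(base, token, realm):
    """Return the id of the realm's LDAP user-federation component (assumed to be exactly one)."""
    req = urllib.request.Request(
        f"{base}/admin/realms/{realm}/components?type=org.keycloak.storage.UserStorageProvider",
        headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        comps = json.load(resp)
    return next(c["id"] for c in comps if c["providerId"] == "ldap")


if __name__ == "__main__":
    base, realm = os.environ["KEYCLOAK_URL"], os.environ["KEYCLOAK_REALM"]
    tok = admin_token(base, os.environ["KEYCLOAK_ADMIN"], os.environ["KEYCLOAK_ADMIN_PASSWORD"])
    call(base, tok, "POST", f"/{realm}/client-scopes", client_scope_representation())
    ldap_id = find_ldap_provider(base, tok, realm)
    if os.environ.get("LDAP_GROUP_ATTRIBUTE"):
        call(base, tok, "POST", f"/{realm}/components",
             ldap_group_mapper(ldap_id, os.environ["LDAP_GROUP_ATTRIBUTE"]))
        # Same effect as "Synchronize all users" on the provider's Settings tab
        call(base, tok, "POST", f"/{realm}/user-storage/{ldap_id}/sync?action=triggerFullSync")
    else:
        call(base, tok, "POST", f"/{realm}/components", hardcoded_group_mapper(ldap_id))
```

If LDAP_GROUP_ATTRIBUTE is unset the script creates the hardcoded mapper instead of the LDAP one, mirroring the either/or choice between the two mapper procedures. Keycloak answers 409 Conflict when a client scope with the same name already exists, so re-running the script after a partial failure needs the existing objects removed or the POSTs changed to PUTs against their ids.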
