Keycloak 角色映射
[英]Keycloak role mapping
问题描述
I have a spring boot application secured with keycloak.
我有一个用 keycloak 保护的 Spring Boot 应用程序。 Each user in realm has roles for my resource (client).领域中的每个用户都有我的资源(客户端)的角色。 Roles are configuraed on users tab, for particular user under Role Mapping tab as Client Roles :角色在用户选项卡上配置,对于角色映射选项卡下的特定用户作为客户端角色:
I also use integration with LDAP Active Directory , from which all the users came from.我还使用与LDAP Active Directory 的集成,所有用户都来自该目录。 Now, if I want to add specific role for Active Directory (AD) group, I have to go to active directory, get all users for particular group and add desierd role via keycloak api in separeate application, which is extremly bad logic.现在,如果我想为 Active Directory (AD) 组添加特定角色,我必须转到 Active Directory,获取特定组的所有用户并通过 keycloak api 在单独的应用程序中添加 desierd 角色,这是非常糟糕的逻辑。
In previous version of keycloak (5.0.1) it had Script Mapper on javascript that could get Active Directory groups and map them into roles for a particular client.在以前版本的 keycloak (5.0.1) 中,它在 javascript 上有脚本映射器,可以获取 Active Directory 组并将它们映射到特定客户端的角色。 In the latest version 8.0.1 it has no such mapper.在最新版本 8.0.1 中它没有这样的映射器。
I wonder, is there any mapper or other ability in latest version of Keycloak to map AD groups to resource roles.我想知道,最新版本的 Keycloak 是否有任何映射器或其他功能可以将 AD 组映射到资源角色。 So, I could say that group_name has role user for client_name and role user appeared in keycloak token under resource_access .所以,我可以说, group_name具有角色user为client_name和角色user出现在keycloak令牌下resource_access 。 client_name . client_name 。 roles list roles列表
1 个解决方案
解决方案1
3 已采纳 2020-03-23 12:59:29
You can achieve what you want by following these steps:您可以按照以下步骤实现您想要的:
- Go to "Groups" on the left menu转到左侧菜单上的“群组”
- Select the group选择组
- Using the "Role Mappings" tab, choose which client role should be assigned to members of that group.使用“角色映射”选项卡,选择应分配给该组成员的客户端角色。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.