[英]Keycloak role mapping
I have a spring boot application secured with keycloak.我有一个用 keycloak 保护的 Spring Boot 应用程序。 Each user in realm has roles for my resource (client).
领域中的每个用户都有我的资源(客户端)的角色。 Roles are configuraed on users tab, for particular user under Role Mapping tab as Client Roles :
角色在用户选项卡上配置,对于角色映射选项卡下的特定用户作为客户端角色:
I also use integration with LDAP Active Directory , from which all the users came from.我还使用与LDAP Active Directory 的集成,所有用户都来自该目录。 Now, if I want to add specific role for Active Directory (AD) group, I have to go to active directory, get all users for particular group and add desierd role via keycloak api in separeate application, which is extremly bad logic.
现在,如果我想为 Active Directory (AD) 组添加特定角色,我必须转到 Active Directory,获取特定组的所有用户并通过 keycloak api 在单独的应用程序中添加 desierd 角色,这是非常糟糕的逻辑。
In previous version of keycloak (5.0.1) it had Script Mapper on javascript that could get Active Directory groups and map them into roles for a particular client.在以前版本的 keycloak (5.0.1) 中,它在 javascript 上有脚本映射器,可以获取 Active Directory 组并将它们映射到特定客户端的角色。 In the latest version 8.0.1 it has no such mapper.
在最新版本 8.0.1 中它没有这样的映射器。
I wonder, is there any mapper or other ability in latest version of Keycloak to map AD groups to resource roles.我想知道,最新版本的 Keycloak 是否有任何映射器或其他功能可以将 AD 组映射到资源角色。 So, I could say that
group_name
has role user
for client_name
and role user
appeared in keycloak token under resource_access
.所以,我可以说,
group_name
具有角色user
为client_name
和角色user
出现在keycloak令牌下resource_access
。 client_name
. client_name
。 roles
list roles
列表
You can achieve what you want by following these steps:您可以按照以下步骤实现您想要的:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.