Comments (9)
greenpau
commented on July 22, 2024
1
@axi92 , however, you could use “user transforms” to grant roles too. You could match by realm and email to grant someone admin status. Then, match by realm only and grant authp/user.
from authcrunch.github.io.
greenpau
commented on July 22, 2024
1
If you need I can start the keycloak instance again so you can test on it.
@axi92 good job on exploring the options!!!
I could only work on this on weekends.
from authcrunch.github.io.
greenpau
commented on July 22, 2024
1
I am wondering whether I missed something in my documentation.
@axi92 , solved it! 👍
from authcrunch.github.io.
greenpau
commented on July 22, 2024
@axi92 , this is where I did not yet figure how to propagate user groups to the id_token sent by Keycloak. I will try finding time to work on it next weekend.
from authcrunch.github.io.
axi92
commented on July 22, 2024
Ok I am on to something, I need some further testing to figure it out how the complete chain works. But I got the default mappings on the client. There are default mappers to do that.
I got now more roles:
"roles": [
"create-realm",
"offline_access",
"admin",
"uma_authorization",
"authp/user"
],
from authcrunch.github.io.
axi92
commented on July 22, 2024
I run the caddy in debug mode and decode the id_token on jwt.io there is with the groups also a resource_access.
Can you map that into the User Identity of the authp?
"resource_access": {
"caddy-security-portal": {
"roles": [
"industria_department-lead",
"industria_project-lead"
]
}
},
"email_verified": false,
"name": ".....",
"groups": [
"create-realm",
"offline_access",
"admin",
"uma_authorization"
],
"resource_access": {
"<client id>": {
"roles": [
"industria_department-lead",
"industria_project-lead"
]
}
}
from authcrunch.github.io.
axi92
commented on July 22, 2024
I added 2 built in mappers
If you need I can start the keycloak instance again so you can test on it.
from authcrunch.github.io.
greenpau
commented on July 22, 2024
@axi92 , I just recreated the client setup and ran into the following issue:
2022/05/06 23:05:48.695 WARN security Authentication failed {"session_id": "4Vm8BUcBtIRVLgWMWJIs3ZFfVmQyqVsCIpyAY8mJxkwk6", "request_id": "39579b16-0e37-432e-8cc6-7f15460d166c", "error": "failed validating OAuth 2.0 access token: OAuth 2.0 id_token email claim not found"}
In short the access token sent by Keycloak does not have email field.
Were you able to follow my instructions and get a working portal (although without roles)?
from authcrunch.github.io.
greenpau
commented on July 22, 2024
@axi92 , I am wondering whether I missed something in my documentation.
from authcrunch.github.io.
Related Issues (20)
- oauth: document enable logout directive
- ui: document meta author and description
- messaging: document file provider
- ldap: document fallback role directive
- ui: setting page directives
- document aws saml login HOT 3
- Azure OIDC Expired Tokens Redirect URL Issue HOT 2
- keycloak no id_token HOT 17
- keycloak in the same Caddyfile HOT 1
- Build fails with Docker and xcaddy HOT 1
- How does authp interact with the acme challenge URLs? HOT 2
- Allow both unauthenticated and authenticated access HOT 1
- Unable to register new user without email verification. HOT 3
- fail to send mail to smtp-mail.outlook.com HOT 1
- google oauth: send "prompt" query param HOT 1
- Successful Oauth Login Immediately Redirects HOT 4
- Feature request: automaticaly activate newly self-registered users HOT 2
- Feature request: store users in database HOT 1
- Unable to type password HOT 11
- Update Keycloak Example HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from authcrunch.github.io.