Comments (3)
Hi, I guess you were trying to assign a role to a user by using the roles
-attribute?
The roles-attribute is not meant to do this:
https://datatracker.ietf.org/doc/html/rfc7643#section-4.1.2
roles
A list of roles for the user that collectively represent who the
user is, e.g., "Student", "Faculty". No vocabulary or syntax is
specified, although it is expected that a role value is a String
or label representing a collection of entitlements. This value
has no canonical types.
But it is basically possible to extend the plugin to be able to assign roles directly to groups or users but this would be some effort because it would either require a new endpoint to manage realm-roles or a custom-extension on the exsting SCIM resources User
and Group
to add those roles directly.
Any particular reason you need this feature?
from scim-for-keycloak.
Thanks for your response!
Our (my and my team's) idea was to assign a user to a role with SCIM request. We expected that Role property exists for that purpose but we found out that it does not. We opted out to using Groups instead.
By the way, can you please point out how we can extend the plugin? Or add a new endpoint?
from scim-for-keycloak.
What exactly is your plan? I can think of several solutions.
- using the
members
attribute to assign roles to a group requires also the definition of a custom-endpoint for roles. - a custom-attribute definition named
kcRealmRoles
could be used to assign roles by either name or id.
Which extension do you mean?
The Open Source plugin has reached end of life with keycloak 21. For this purpose the plugin was completely rebuild to be usable with keycloak 21+. https://scim-for-keycloak.de
The enterprise version is not open source though. But I could add an extension for this purpose in a future version.
from scim-for-keycloak.
Related Issues (20)
- liquibase issues HOT 10
- Seed initial configuration in keycloak HOT 4
- Scim plugin behind reverse proxy that strips a path prefix makes the scim console unaccessible HOT 4
- I don't see any source for some of the classes in enterprise source zip HOT 3
- I can't seem to get authentication for scim working HOT 2
- You may want to look at integrating this for the scim user federation part
- Issue with Use with Microsoft Azure AD wiki page HOT 2
- MS SCIM Validator error, boolean as string HOT 3
- Can this module POST user data to client applications? (like Django or any others) HOT 3
- Affiliation between users and groups synced from AzureAD to keycloak is lost HOT 7
- UMA compatibiliy HOT 11
- [KeyCloak 22-b2] Group Membership is lost in SCIM call, when users are loaded from LDAP. HOT 7
- QA: SCIM Enterprise with multitenancy HOT 3
- Question about SCIM support coverage: Is the SCIM Admin console currently available? HOT 4
- How does SCIM work with External Database? HOT 6
- Issues with free version pre-enterprise HOT 12
- groups on users and members on groups doesn't appear to be exposed via the 2 endpoints. HOT 9
- Search by id seems to be not working HOT 5
- Something maybe missing from the scim endpoint implementation HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scim-for-keycloak.