Comments (7)
I added a new configuration option that allows toggling between the two implementations. The explanation can be seen in the screenshot. So if I provide the next release, you need to explicitly toggle this feature on.
from scim-for-keycloak.
Tested the Updated Jar!
It works perfectly! Thanks so much!
```json
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "id": "39c8ae29-c1a2-4985-b2b5-80546b39fcce",
  "userName": "ceadmin",
  "active": true,
  "emails": [
    { "value": "ceadmin@sample", "primary": true }
  ],
  "name": { "familyName": "CEAdmin" },
  "groups": [
    { "value": "9be1b07e-db39-4d8e-92cc-fc6bb3b6a7bc", "display": "AllSharedUsers", "type": "direct" },
    { "value": "114d862d-4bcb-43db-82ac-5ecc243eeb30", "display": "P8Admins", "type": "direct" },
    { "value": "907bbdd1-7f3c-418b-82ab-c6e301c7ba6a", "display": "OSAdminGroup", "type": "direct" },
    { "value": "0c12e429-aad9-40d9-955b-3604626082a8", "display": "CEAdminGroup", "type": "direct" }
  ],
```
Ah I see. This is no configuration problem but might hopefully be solved with a configuration.
The SCIM for Keycloak plugin is looking directly at the database for user-group relationships, forgetting that there might be a user federation in between. This was done due to some test cases with poor performance. Unfortunately I didn't think twice that I would exclude federations in this way. If I look into Keycloak's LDAP configuration, it seems that only users can be synced with the Keycloak database. Or is it possible to also synchronize the groups?
If groups cannot be synced I will need to add an additional solution for this problem. But this might affect performance to a certain degree based on how much the SCIM endpoints are used and how many users are assigned to a group.
Hi 👋 @Captain-P-Goldfish! Appreciate the feedback!
I was able to sync both, and I can see the membership in the Keycloak Admin Console.
I can see the relationship between User and Groups on both:
![image](https://private-user-images.githubusercontent.com/141669097/273270693-f2bf34a2-ca23-4451-a32d-68f68ec4eb53.png)
I'm not sure if there is something different to make sure the groups are synced.
I tried messing around with the mode on the group-mapper -- and I assume they would be synced to the DB.
![image](https://private-user-images.githubusercontent.com/141669097/273272757-c738aa00-bf05-4b51-92b3-e7749345ea4d.png)
Okay, I was able to find the source of the problem.
When the groups are synchronized from LDAP to Keycloak, the group relations are not. They are accessed from the LDAP directly and cached afterwards to have better and faster access to these mappings.
I can fix this issue. I should have it ready by the start of next week.
You are the best! Thanks so much!
Saves me from recreating all the users!
Thank you so much! Appreciate the speedy work!
I will look out for the updated jar!