Comments (5)
Hi austride,
thanks for using my plugin! 😄
I have not thought about subgroups yet, that's why the code only looks in the groups directly. I will have a look at that as soon as possible.
from keycloak-docker-group-role-mapper.
Thank you. I am not a Java developer, otherwise I would do it. But I think it's as simple as adding a Stream.concat if I am reading this correctly:
https://www.keycloak.org/docs-api/21.1.1/javadocs/org/keycloak/models/UserModel.html#getGroupsStream()
https://www.keycloak.org/docs-api/21.1.1/javadocs/org/keycloak/models/GroupModel.html#getSubGroupsStream()
```kotlin
internal fun getUserNamespacesFromGroups(user: UserModel): Collection<String> {
    return Stream.concat(
        // groups the user is a direct member of
        user.groupsStream.filter { it.name.startsWith(GROUP_PREFIX) }
            .map { it.name.lowercase().replace(GROUP_PREFIX, "") },
        // subgroups of those groups, via GroupModel.getSubGroupsStream()
        user.groupsStream.flatMap { it.subGroupsStream }
            .filter { it.name.startsWith(GROUP_PREFIX) }
            .map { it.name.lowercase().replace(GROUP_PREFIX, "") }
    ).toList()
}
```
Additionally... it would be really slick if you added a "REGISTRY_NAMESPACE_SCOPE" called "group_mapper" so someone could pass in a YAML/JSON variable like this and use whatever existing group names they want...
REGISTRY_NAMESPACE_GROUP_MAPPER: '{"nmsp-1":["GROUP_A"],"nmsp-2":["GROUP_B"],"nmsp-3":["GROUP_A","GROUP_B"]}'
Then you could check to see if the list REGISTRY_NAMESPACE_GROUP_MAPPER[namespace] intersects with user.groupsStream.toList(). If the resulting intersect returns more than 1 group, then you grant access. Otherwise, deny.
This way someone wouldn't have to mess at all with adding/maintaining special "registry-" groups in Keycloak. I've always found that the fewer times you are in the Keycloak UI the better!
from keycloak-docker-group-role-mapper.
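The group_mapper check proposed in the comment above, as an added example that is not part of the thread or the plugin's code. `Group`, `parseMapper`, `effectiveGroups` and `mayAccess` are hypothetical names; the sketch assumes Jackson is on the classpath, that sharing at least one group with the namespace's list grants access, and that subgroups of the user's groups count toward the match.

```kotlin
import com.fasterxml.jackson.core.type.TypeReference
import com.fasterxml.jackson.databind.ObjectMapper

// Stand-in for Keycloak's GroupModel so the sketch runs outside a server (assumption).
data class Group(val name: String, val subGroups: List<Group> = emptyList())

// Parse the proposed REGISTRY_NAMESPACE_GROUP_MAPPER value (namespace -> group names).
// Any parse problem yields an empty map, so a broken config denies everything.
fun parseMapper(json: String?): Map<String, Set<String>> =
    try {
        ObjectMapper()
            .readValue(json.orEmpty(), object : TypeReference<Map<String, List<String>>>() {})
            .mapValues { it.value.toSet() }
    } catch (e: Exception) {
        emptyMap()
    }

// Names of the user's direct groups plus every nested subgroup.
fun effectiveGroups(direct: List<Group>): Set<String> {
    val names = mutableSetOf<String>()
    fun walk(g: Group) {
        names += g.name
        g.subGroups.forEach { walk(it) }
    }
    direct.forEach { walk(it) }
    return names
}

// Grant only when the namespace is mapped and the user holds at least one listed group.
// Group names are compared exactly (case-sensitive); unmapped namespaces are denied.
fun mayAccess(namespace: String, userGroups: Set<String>, mapper: Map<String, Set<String>>): Boolean {
    val allowed = mapper[namespace] ?: return false
    return allowed.any { it in userGroups }
}

fun main() {
    // Mapping copied from the comment above; the user and group tree are constructed.
    val mapper = parseMapper(
        """{"nmsp-1":["GROUP_A"],"nmsp-2":["GROUP_B"],"nmsp-3":["GROUP_A","GROUP_B"]}"""
    )
    val user = effectiveGroups(listOf(Group("ldap_group_name", listOf(Group("GROUP_A")))))
    for (ns in listOf("nmsp-1", "nmsp-2", "nmsp-3", "nmsp-9")) {
        println("$ns -> ${mayAccess(ns, user, mapper)}")
    }
    println("broken config -> ${mayAccess("nmsp-1", user, parseMapper("{oops"))}")
}
```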
Hi @austride
I have created a new release:
https://github.com/alexanderwolz/keycloak-docker-group-role-mapper/releases/tag/v1.5.2
Can you double check if your LDAP subgroups are now recognized?
I have also added a custom property for the group prefix. I also like the idea of a custom group mapper, but haven't had the time to look at it yet.
I hope this fix helps you for now!
from keycloak-docker-group-role-mapper.
Awesome! I should have time to check this out this week.
from keycloak-docker-group-role-mapper.
I seem to have gotten it to work... but I am confused as to how it's working.
First thing I tried was this:
Created group: registry-grp1
Created sub-group: ldap_group_name
No luck..
Second thing I tried was this:
Under the ldap_group_name, I created sub-group: registry-grp1
This seems to work!
I am not sure why this works as I thought the first option should have worked... but maybe not?
In any event, the second option is actually better/cleaner as now the registry-grp1 is just a subgroup of my top level LDAP groups.
from keycloak-docker-group-role-mapper.