Posted to commits@dlab.apache.org by om...@apache.org on 2019/09/02 14:38:30 UTC
[incubator-dlab] branch DLAB-terraform updated: Added creation of
Keycloak mappers
This is an automated email from the ASF dual-hosted git repository.
omartushevskyi pushed a commit to branch DLAB-terraform
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-terraform by this push:
new 8e420cf Added creation of Keycloak mappers
8e420cf is described below
commit 8e420cf297d4b2aad18ed8f08b6597cd339621eb
Author: Oleh Martushevskyi <Ol...@epam.com>
AuthorDate: Mon Sep 2 17:38:21 2019 +0300
Added creation of Keycloak mappers
---
.../ssn-helm-charts/main/files/configure_keycloak.sh | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh
index 20b6d03..a2540b9 100644
--- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/files/configure_keycloak.sh
@@ -51,15 +51,31 @@
-s 'config.pagination=["true"]' --server http://127.0.0.1:8080/auth
# Get user federation ID
user_f_id=$(/opt/jboss/keycloak/bin/kcadm.sh get components -r dlab --query name=dlab-ldap | /usr/bin/jq -er '.[].id')
- # Create user federation mapper
+ # Create user federation email mapper
/opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s name=uid-attribute-to-email-mapper \
-s providerId=user-attribute-ldap-mapper -s providerType=org.keycloak.storage.ldap.mappers.LDAPStorageMapper \
-s parentId=$user_f_id -s 'config."user.model.attribute"=["email"]' \
-s 'config."ldap.attribute"=["uid"]' -s 'config."read.only"=["false"]' \
-s 'config."always.read.value.from.ldap"=["false"]' -s 'config."is.mandatory.in.ldap"=["false"]'
+ # Create user federation group mapper
+ /opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s name=group_mapper -s providerId=group-ldap-mapper \
+ -s providerType=org.keycloak.storage.ldap.mappers.LDAPStorageMapper -s parentId=$user_f_id \
+ -s 'config."groups.dn"=["ou=Groups,${ldap_dn}"]' -s 'config."group.name.ldap.attribute"=["cn"]' \
+ -s 'config."group.object.classes"=["posixGroup"]' -s 'config."preserve.group.inheritance"=["false"]' \
+ -s 'config."membership.ldap.attribute"=["memberUid"]' -s 'config."membership.attribute.type"=["UID"]' \
+ -s 'config."groups.ldap.filter"=[]' -s 'config.mode=["IMPORT"]' \
+ -s 'config."user.roles.retrieve.strategy"=["LOAD_GROUPS_BY_MEMBER_ATTRIBUTE"]' \
+ -s 'config."mapped.group.attributes"=[]' -s 'config."drop.non.existing.groups.during.sync"=["false"]'
# Create client
/opt/jboss/keycloak/bin/kcadm.sh create clients -r dlab -s clientId=dlab-ui -s enabled=true -s \
'redirectUris=["http://${ssn_k8s_alb_dns_name}/"]' -s secret=${keycloak_client_secret}
+ # Get clint ID
+ client_id=$(/opt/jboss/keycloak/bin/kcadm.sh get clients -r dlab --query clientId=dlab-ui | /usr/bin/jq -er '.[].id')
+ # Create client mapper
+ /opt/jboss/keycloak/bin/kcadm.sh create clients/$client_id/protocol-mappers/models \
+ -r dlab -s name=group_mapper -s protocol=openid-connect -s protocolMapper="oidc-group-membership-mapper" \
+ -s 'config."full.path"="false"' -s 'config."id.token.claim"="true"' -s 'config."access.token.claim"="true"' \
+ -s 'config."claim.name"="groups"' -s 'config."userinfo.token.claim"="true"'
}
main_func () {
hostname=$(hostname)
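Review bot: The new `client_id` lookup under `# Get clint ID` is used unchecked in the URL path of the following `create clients/$client_id/protocol-mappers/models` call, so if the `dlab-ui` client is not found (`jq -er` exits non-zero with empty output) the mapper request is sent to `clients//protocol-mappers/models` and the failure surfaces, if at all, only as a server-side error; the same unquoted, unchecked use applies to `$user_f_id` in the new group-mapper call. I would add directly after the lookup `[ -n "$client_id" ] || { echo "dlab-ui client not found" >&2; exit 1; }` and write the path as `clients/"$client_id"/protocol-mappers/models`. The comment `# Get clint ID` should read `# Get client ID`. `${ldap_dn}` inside the single-quoted `groups.dn` value presumably is a Terraform template placeholder, like `${ssn_k8s_alb_dns_name}` in the context lines, rather than a shell expansion — worth confirming, since as shell it would be passed to Keycloak literally. The enclosing function starts before this hunk, so whether `set -e` is in effect cannot be seen here.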