
Re: OIDC role mapping?



Hi

This should work, all the roles set up by Keycloak should be recognized:
https://github.com/quarkusio/quarkus/blob/master/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java#L29

and if the claim containing the roles is a custom one then a 'quarkus.oidc.roles.role-claim-path' property will help:

https://github.com/quarkusio/quarkus/blob/master/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcConfig.java#L111

Does it help?

I'll open an issue to get it documented.

Thanks Sergey

On Tue, Dec 3, 2019 at 8:21 AM Benjamin Guillon <benjamin guillon cc in2p3 fr> wrote:
Hi,

I'd gladly know if that's possible as well.
So far in our tests (Keycloak OIDC and OKD 3.11 as well) we did not manage to do it.

Best regards,
--
Benjamin Guillon

----- Original message -----
From: "Jon Stanley" <jonstanley gmail com>
To: "users" <users lists openshift redhat com>
Sent: Tuesday, December 3, 2019 06:20:07
Subject: OIDC role mapping?

Is it possible to map roles based on OpenID claims? I've successfully
got a cluster authenticating with OIDC, but I'm wondering if I can do
authorization over there too :). My IDP that I'm using for testing is
Keycloak, so that should be the easiest thing to do, right? :). I
can't find any documentation or enhancement proposal about that.

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
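
An added example, not part of the thread and not Quarkus code: a Python illustration of resolving a '/'-separated role claim path, the kind of value `quarkus.oidc.roles.role-claim-path` takes, against token claims, with Keycloak's default `realm_access` and `resource_access` role claims as the fallback. The claim values, the `my-app` client id and the `custom/authz/groups` path are constructed, and the token is assumed to have been signature-verified before any role is read from it.

```python
import base64
import json

# Constructed sample claims in the layout Keycloak uses for access tokens.
SAMPLE_CLAIMS = {
    "sub": "alice",
    "realm_access": {"roles": ["user", "admin"]},
    "resource_access": {"my-app": {"roles": ["viewer"]}},
    "custom": {"authz": {"groups": ["ops", "dev"]}},
}


def encode_segment(obj):
    """base64url-encode a JSON object without padding, as JWT segments are."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_payload(jwt):
    """Decode the payload segment only. Assumption: the signature was
    verified earlier; roles must never come from an unverified token."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def find_claim(claims, path):
    """Walk a '/'-separated path such as 'realm_access/roles'."""
    node = claims
    for segment in path.split("/"):
        if not isinstance(node, dict) or segment not in node:
            return None
        node = node[segment]
    return node


def resolve_roles(claims, role_claim_path=None, client_id=None):
    """Roles from the configured path, else from Keycloak's default claims."""
    paths = [role_claim_path] if role_claim_path else ["realm_access/roles"]
    if not role_claim_path and client_id:
        paths.append(f"resource_access/{client_id}/roles")
    roles = []
    for path in paths:
        value = find_claim(claims, path)
        if isinstance(value, list):  # anything else yields no roles (fail closed)
            roles += [r for r in value if isinstance(r, str)]
    return roles


# Constructed token: placeholder header and signature, real payload encoding.
SAMPLE_TOKEN = f"{encode_segment({'typ': 'JWT'})}.{encode_segment(SAMPLE_CLAIMS)}.sig"
```

A path that is missing or points at a non-array claim resolves to no roles, so a misconfigured claim path denies access rather than granting it.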
