Last modified by Johannes Wielsch on 2020/09/04 05:30

<
From version < 11.3 >
edited by Johannes Wielsch
on 2020/09/04 05:12
To version < 11.4 >
edited by Johannes Wielsch
on 2020/09/04 05:18
>
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -4,7 +4,6 @@
4 4  
5 5  Remember: Groups are created once a user logs on. There is no real sync. But with every login the ldap membership is reflected to XWiki over the keycloak login-token. In XWiki you can assign rights to the pushed ldap-Keycloak-xWiki-groups.
6 6  
7 -
8 8  Follow these steps:
9 9  
10 10  * Open Keycloak admin console with [[https:~~/~~/KEYCLOAK_ADDRESS/auth/admin/>>https://KEYCLOAK_ADDRESS/auth/admin/]] and login with admin credentials.
... ... @@ -13,40 +13,39 @@
13 13  * When a ldap provider is not existent go to add provider. 1) (no documentation for this step)
14 14  
15 15  * After creating the ldap provider click on ldap 2)(((
16 -[[image:2020-09-02 19_48_04-Einstellungen.png||height="379" width="650"]]
15 +{{image reference="2020-09-02 19_48_04-Einstellungen.png" width="650"/}}
17 17  )))
18 18  
19 19  * Click on mappers 1) an look for a groups mapper 2). If it is missing click on create 3)(((
20 -[[image:2020-09-02 19_48_53-Einstellungen.png||height="379" width="650"]]
19 +{{image reference="2020-09-02 19_48_53-Einstellungen.png" width="650"/}}
21 21  )))
22 22  
23 -* Choose the mapper-type 1) "group-ldap-mapper" and fill in the information from your ldap-configuration (((
24 -[[image:2020-09-02 19_52_52-Einstellungen.png||height="380" width="650"]]
22 +* Choose the mapper-type 1) "group-ldap-mapper" and fill in the information from your ldap-configuration(((
23 +{{image reference="2020-09-02 19_52_52-Einstellungen.png" width="650"/}}
25 25  )))
26 26  
27 -* Afterwards click on save an move on to Client Scopes 1) in the left Panel. Look for a group scope 2) If it does not exist create one 3) (((
28 -[[image:2020-09-02 19_53_30-Einstellungen.png||height="379" width="650"]]
26 +* Afterwards click on save an move on to Client Scopes 1) in the left Panel. Look for a group scope 2) If it does not exist create one 3)(((
27 +{{image reference="2020-09-02 19_53_30-Einstellungen.png" width="650"/}}
29 29  )))
30 30  
31 -* Chose the following configuration for the groups scope. Click on save. (((
32 -[[image:2020-09-02 19_54_21-Einstellungen.png||height="379" width="650"]]
30 +* Chose the following configuration for the groups scope. Click on save.(((
31 +{{image reference="2020-09-02 19_54_21-Einstellungen.png" width="650"/}}
33 33  )))
34 34  
35 -* Move on to the Mappers-tab 1) and creat a built in mapper 2). aim is to have a groups mapper 3) (((
36 -[[image:2020-09-02 19_55_25-Einstellungen.png||height="378" width="650"]]
34 +* Move on to the Mappers-tab 1) and creat a built in mapper 2). aim is to have a groups mapper 3)(((
35 +{{image reference="2020-09-02 19_55_25-Einstellungen.png" width="650"/}}
37 37  )))
38 38  
39 -* Chose the mapper 1) from the list an click on save. (Save button at the end of the list and not in the picture.) (((
40 -[[image:2020-09-02 19_56_08-Keycloak Admin Konsole und 2 weitere Seiten - Persönlich – Microsoft​ Edge.png||height="381" width="650"]]
38 +* Chose the mapper 1) from the list an click on save. (Save button at the end of the list and not in the picture.)(((
39 +{{image reference="2020-09-02 19_56_08-Keycloak Admin Konsole und 2 weitere Seiten - Persönlich – Microsoft​ Edge.png" width="650"/}}
41 41  )))
42 42  
43 -* Go to Clients 1) and chose your xWiki Client ID 2) which you created while adding keycloak as authentication provider. Chos the tab Client Scopes (Number Missing) and add the new groups scope 3) to the Assigned Default Client Scope 5) with button 4) (((
44 -[[image:2020-09-02 20_21_32-Clipboard.png||height="377" width="650"]]
42 +* Go to Clients 1) and chose your xWiki Client ID 2) which you created while adding keycloak as authentication provider. Chos the tab Client Scopes (Number Missing) and add the new groups scope 3) to the Assigned Default Client Scope 5) with button 4)(((
43 +{{image reference="2020-09-02 20_21_32-Clipboard.png" width="650"/}}
45 45  )))
46 46  
47 -* Test it by Clicking on Evaluate 3), chose the user 4), click evaluate 5) and move to the tab Generated Access Token 6. Groups should be listed in the client scopes 7) and the list of groups should be visible, too 8) (((
48 -[[image:2020-09-02 19_58_36-Einstellungen.png||height="383" width="650"]]
46 +* Test it by Clicking on Evaluate 3), chose the user 4), click evaluate 5) and move to the tab Generated Access Token 6. Groups should be listed in the client scopes 7) and the list of groups should be visible, too 8)(((
47 +{{image reference="2020-09-02 19_58_36-Einstellungen.png" width="650"/}}
49 49  )))
50 50  
51 51  * Done. If I remember correctly the steps.
52 -

Get Connected