Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhancement - Feature to add keycloak roles to the created user #144

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

Enhancement - Feature to add keycloak roles to the created user #144

wants to merge 9 commits into from

Conversation

shiva-rakshith
Copy link
Contributor

Usecase scenario:
Creating a user in the registry will create a user in keycloak. currently, we don't have any feature in registry to add keycloak roles to users.

Adding keycloak roles to users, will help to give different privileges to users. For example, we can give access to different users to different APIs based on their roles, which can be extracted from JWT token(as it contains role information).

Sample request body with roles:

{
   "name": "Ravi kumar",
   "roles": ["teacher"],
   "email: "ravi.kumar@gmail.com",
   "phone": "9666505050"
}

The roles property should be of type List, as multiple roles can be assigned to a person.
Whatever the roles is passed in the request body, the same will be added to user in keycloak. If roles property is not define in the request body, registry will consider that as empty list and no role will be added.

Configuration changes:

  1. Define roles in keycloak.
    (keycloak -> roles -> add role)

add-roles (2)

  1. Add the 'view-realm' role to client(admin-api) to access the keycloak roles
    ( Keycloak -> open client(which is configured as client_id in application.yml) -> Service Account Roles -> Client Roles, select 'realm-management' -> Assign 'view-realm' role)

add-view-realm (2)

Future enhancements:

  1. Instead of manually adding the roles in keycloak. Registry should able to add the roles(if not exist) programmatically.

Discussion link: Sunbird-RC/community#178

@shiva-rakshith
Copy link
Contributor Author

Hi @dileepbapat

We have implemented this feature as part of Swasth Health Claims Exchange registry use case and we would like to contribute back to Sunbird-RC, Can you please review the PR and share your feedback.

cc: @vrayulu @maheshkumargangula

@tejash-jl
Copy link
Member

@shiva-rakshith,
I think that the custom roles mapping can be done outside SB-RC,
here is another way to solve this
https://github.com/orgs/Sunbird-RC/discussions/178#discussioncomment-3403856

@shiva-rakshith
Copy link
Contributor Author

shiva-rakshith commented Aug 16, 2022
edited
Loading

@shiva-rakshith, I think that the custom roles mapping can be done outside SB-RC, here is another way to solve this https://github.com/orgs/Sunbird-RC/discussions/178#discussioncomment-3403856

@tejash-jl - In that scenario, roles will be common to all the users and no differentiation. For example, I have an organization entity, in which different users will have different roles. It seems that this cannot be achieved with above suggested solution. Could you please confirm?

@tejash-jl
Copy link
Member

@shiva-rakshith, I think that the custom roles mapping can be done outside SB-RC, here is another way to solve this https://github.com/orgs/Sunbird-RC/discussions/178#discussioncomment-3403856

@tejash-jl - In that scenario, roles will be common to all the users and no differentiation. For example, I have an organization entity, in which different users will have different roles. It seems that this cannot be achieved with above suggested solution. Could you please confirm?

I think this can be done outside SB-RC as it is part of custom use-case implementation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@shiva-rakshith @tejash-jl @maheshkumargangula