ocis_keycloak: Add ocis roles as realm roles #5750
This adds the roles ocisAdmin, ocisSpaceAdmin, ocisUser and ocisGuest as realm roles to the oCIS realm. It also assigns those roles to the demo users. Additionally the missing demo user "Katherine Johnson" is added with the role of "ocisSpaceAdmin".
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.
related to #5669
👍 looks great
One also has the flexibility to not directly assign a role to a user but to a group. Therefore the group needs the role mapper and every group member will receive this role. Will oCIS have a logic to use the "highest privileges role" (if there is something like an order of privileges!?)
What do we do about OCIS_ADMIN_USER_ID, is that still needed for other use cases? Because if you're using Keycloak, you won't need that somewhat constrained setting anymore.
Good question. I guess we'll somehow need to add that to ocis, yes.
The keycloak deployment it not really uses
Author: Ralf Haferkamp <rhaferkamp@owncloud.com>
Date: Wed Mar 8 12:11:21 2023 +0100

ocis_keycloak: Add ocis roles as realm roles (#5750)

* ocis_keycloak: Add ocis roles as realm roles

  This adds the roles ocisAdmin, ocisSpaceAdmin, ocisUser and ocisGuest as realm roles to the oCIS realm. It also assigns those roles to the demo users. Additionally the missing demo user "Katherine Johnson" is added with the role of "ocisSpaceAdmin".

* Expose realm_roles in "roles" claim of id tokens and userinfo
The changes to actually evaluate the roles from ocis will follow in a later PR.
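
The thread leaves open how a consumer should pick one role when the "roles" claim carries several (for example one assigned directly and one inherited from a group). The following is an added example, not oCIS code and not part of this PR: it reads the "roles" claim from the claims of a token that is assumed to be already signature-verified and returns the highest-ranked oCIS role. The precedence order, the function name `EffectiveRole` and the sample claims are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Assumed precedence (the page does not define an order): higher wins.
var rolePrecedence = map[string]int{
	"ocisGuest": 1, "ocisUser": 2, "ocisSpaceAdmin": 3, "ocisAdmin": 4,
}

// ErrNoRole is returned when the claims carry no known oCIS role.
var ErrNoRole = errors.New("no known oCIS role in roles claim")

// EffectiveRole (hypothetical helper) expects the JSON claims of an ID token
// or userinfo response whose signature, issuer and audience were already
// validated by the OIDC layer. It fails closed: a missing, empty or
// wrongly typed "roles" claim yields an error, never a default role.
func EffectiveRole(claimsJSON []byte) (string, error) {
	var claims struct {
		Roles []string `json:"roles"`
	}
	if err := json.Unmarshal(claimsJSON, &claims); err != nil {
		return "", fmt.Errorf("decode claims: %w", err)
	}
	best, bestRank := "", 0
	for _, r := range claims.Roles {
		// Exact, case-sensitive match; other realm roles are ignored.
		if rank, ok := rolePrecedence[r]; ok && rank > bestRank {
			best, bestRank = r, rank
		}
	}
	if best == "" {
		return "", ErrNoRole
	}
	return best, nil
}

func main() {
	// Constructed sample claims, not captured from a real deployment.
	samples := []string{
		`{"sub":"u1","roles":["offline_access","ocisUser","ocisSpaceAdmin"]}`,
		`{"sub":"u2","roles":["uma_authorization"]}`,
		`{"sub":"u3"}`,
	}
	for _, s := range samples {
		role, err := EffectiveRole([]byte(s))
		fmt.Printf("role=%q err=%v\n", role, err)
	}
}
```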