Captain-P-Goldfish / scim-for-keycloak

a third party module that extends keycloak by SCIM functionality
BSD 3-Clause "New" or "Revised" License

QA: SCIM Enterprise with multitenancy #93

Closed danieliu456 closed 5 months ago

danieliu456 commented 7 months ago

Hi, I am using Keycloak with the Phase Two (https://github.com/p2-inc/keycloak-orgs) extension to handle multitenancy in a single-realm setup. Maybe you have an idea whether it would be possible to use your amazing SCIM plugin (enterprise license, kc-22+) with this extension?

Captain-P-Goldfish commented 7 months ago

I do not see any reason why it should not work. Did you try it? The SCIM for Keycloak plugin offers a free version to test and validate if it suits your needs.

danieliu456 commented 7 months ago

Thank you for your fast response <3. No, I haven't tested it yet. Yes, SCIM for user and group sync should work, but we would need to distinguish which organization this user belongs to and assign this link; the same goes for a group, as I have a parent group per organization.

Would it be possible to have a dedicated SCIM configuration per each organization and for each identity provider (azure-org1, google-org1, azure-org2, google-org2) maybe any idea if that's possible or how we should approach that?

Is it possible to have a different client per configuration group (client-org1, client-org2) so they could use them for authentication and based on that assign organization links for example?

I know these features will not be supported, but I simply need to investigate whether that's possible with this solution so I could extend it, and how hard it would be to do that :/

And as I understand I can use kc-22-1.2.0-BETA-free for testing; does it have some specific limitations from the feature side apart from [image]?

Captain-P-Goldfish commented 7 months ago

> Would it be possible to have a dedicated SCIM configuration per each organization and for each identity provider

This is only possible on a per-realm basis, but as I understood it you are using Phase II for multitenancy in a single realm.

> Is it possible to have a different client per configuration group (client-org1, client-org2) so they could use them for authentication and based on that assign organization links for example?

How does Phase II distinguish between organizations? I assume it's based on an attribute in the user-attributes table? If this is true, is the name of the attribute fixed or configurable? Currently the SCIM for Keycloak plugin does not support modifying the attribute names that are used for storing the values. The nickName of a user is e.g. stored under its fully qualified schema attribute name urn:ietf:params:scim:schemas:core:2.0:User:nickName. This is done to avoid naming conflicts with extensions and other attributes. So it would probably be necessary to make this configurable.

> And as I understand I can use kc-22-1.2.0-BETA-free for testing, and does it have some specific limitations from feature side apart

The free version is also feature complete. I considered this necessary for appropriate testing.
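To make the naming scheme from the comment above concrete, here is an added Python example (not the plugin's own code) that maps a constructed SCIM user resource to fully qualified attribute names the way the comment describes, including sub-attributes and extension schemas; the `urn:example:...:org:2.0:User` extension URN and its attributes are assumptions made up for the illustration.

```python
import json

# Core User schema URN (RFC 7643); any other URN in "schemas" is an extension.
CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"

def _flatten(prefix, value, out):
    """Expand sub-attributes to dotted names; store multi-valued ones as JSON text."""
    if isinstance(value, dict):
        for key, sub in value.items():
            _flatten(f"{prefix}.{key}", sub, out)
    elif isinstance(value, list):
        out[prefix] = json.dumps(value, sort_keys=True)
    else:
        out[prefix] = value

def to_qualified_attributes(resource):
    """Return {fully-qualified-attribute-name: value} for a SCIM user resource."""
    out = {}
    extensions = set(resource.get("schemas", [])) - {CORE_USER}
    for key, value in resource.items():
        if key == "schemas":
            continue
        if key in extensions:              # extension block keyed by its own URN
            for ext_key, ext_value in value.items():
                _flatten(f"{key}:{ext_key}", ext_value, out)
        else:                              # everything else is a core attribute
            _flatten(f"{CORE_USER}:{key}", value, out)
    return out

# Constructed sample. The hypothetical "org" extension reuses the short name
# "nickName" on purpose: qualified naming keeps it apart from the core one.
ORG_EXT = "urn:example:scim:schemas:extension:org:2.0:User"   # hypothetical URN
SAMPLE_USER = {
    "schemas": [CORE_USER, ORG_EXT],
    "userName": "alice",
    "nickName": "ally",
    "name": {"givenName": "Alice", "familyName": "Example"},
    "emails": [{"value": "alice@example.org", "primary": True}],
    ORG_EXT: {"nickName": "alice-in-org1", "organization": "org1"},
}

if __name__ == "__main__":
    for name, value in sorted(to_qualified_attributes(SAMPLE_USER).items()):
        print(f"{name} = {value}")
```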