WeiMengXS
commented
10 months ago From my experience, if you have deployed Keycloak, you can log in to its administration console for management purposes. It is recommended to learn about it here Keycloak
Closed tim-chaffin closed 10 months ago
WeiMengXS
commented
10 months ago From my experience, if you have deployed Keycloak, you can log in to its administration console for management purposes. It is recommended to learn about it here Keycloak
PacoVK
commented
10 months ago Tapir does not know users, it integrates with IDPs like Keycloak via OIDC. You can use any OIDC provider you like. If the OIDC provider does not provide an end-session-path you currently cannot logout via the UI. IDPs like Keycloak provide such endpoint. Hence, they are fully supported :)
Mind that the token the IDP issues needs to pass a role called admin for users that should be able to administer Deploykeys.
tim-chaffin
commented
10 months ago Ahhh okay. So, like a traditional SCIM mapping would occur in other systems, in this case we're doing straight user and user role mapping (for the admin) explicitly from the IdP via OIDC.
On this file https://github.com/PacoVK/tapir/blob/main/docs/images/tapir.gif Could we update the workflow to demonstrate how users are managed?