TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0

[Question] Keycloak, Thehive and assign to organisation #2160

Closed WingerHusar closed 3 years ago

WingerHusar commented 3 years ago

Request Type

Question

Work Environment

Software Version
CentOS 8
TheHive 4.1.3-1
Keycloak 14.0.0

Question

How can I assign a new user to an organisation on TheHive via Keycloak? I know it should be done via an attribute, but I don't know how. Even if I have the attribute key => organisation, value => test22, a new user is assigned to the test1 organisation.

Configuration - application.conf

    user.autoCreateOnSso: true
    user.profileFieldName: profile
    user.organisationFieldName: organisation
    user.defaults.profile: analyst
    user.defaults.organisation: "test1"

    auth {
      providers: [
        {name: session}  # required !
        {name: basic, realm: thehive}
        {name: local}
        {name: key}
        {
          name: oauth2
          clientId: "thehive-login"
          clientSecret: ""  # or empty
          redirectUri: "http://IP ADDRESS:9000/api/ssoLogin"
          responseType: "code"
          grantType: "authorization_code"
          authorizationUrl: "http://IP ADDRESS:8080/auth/realms/SIEM/protocol/openid-connect/auth"
          authorizationHeader: "Bearer"
          tokenUrl: "http://IP ADDRESS:8080/auth/realms/SIEM/protocol/openid-connect/token"
          userUrl: "http://IP ADDRESS:8080/auth/realms/SIEM/protocol/openid-connect/userinfo"
          scope: ["openid", "email"]
          userIdField: "email"
          userOrganisationFieldName: "organisation"
          profileFieldName: "profile"
        }
      ]
    }

cugu commented 3 years ago

My solution is as follows:

  1. Create a user attribute. In my case it is just "org".
  2. In Keycloak you can create a client scope for that attribute (screenshot).
  3. Assign the client scope (screenshot).
  4. Use the following config:
    
    user.autoCreateOnSso=true
    user.organisationFieldName="org"
    user.defaults.profile="analyst"
    user.defaults.organisation="default"

    auth {
      providers: [
        {name: session}  # required !
        {name: local}
        {name: key}
        {
          name: oauth2
          clientId: "CLIENT_ID"
          clientSecret: "CLIENT_SECRET"
          redirectUri: "REDIRECT_URI"
          responseType: "code"
          grantType: "authorization_code"
          authorizationUrl: "KEYCLOAK_URLprotocol/openid-connect/auth"
          authorizationHeader: "Bearer"
          tokenUrl: "KEYCLOAK_URLprotocol/openid-connect/token"
          userUrl: "KEYCLOAK_URLprotocol/openid-connect/userinfo"
          scope: ["openid", "email", "org"]
          userIdField: "email"
        }
      ]
      defaultUserDomain: "thehive.local"
    }
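An added diagnostic script (not part of this issue or of TheHive) for the failure mode in the question: the attribute exists in Keycloak, but if the client-scope mapper does not expose it in the userinfo response TheHive fetches from `userUrl`, the user silently lands in `user.defaults.organisation`. It assumes TheHive resolves the organisation from the userinfo field named by `organisationFieldName` and otherwise falls back to the default; the userinfo documents and the ID token are constructed samples.

```python
import base64
import json

# Constructed sample: userinfo as Keycloak returns it once the "org" user
# attribute is exposed through a client-scope mapper with "Add to userinfo" on.
SAMPLE_USERINFO = {"sub": "c0ffee", "email": "analyst@thehive.local",
                   "email_verified": True, "org": "test22"}

# Constructed sample with the mapper missing (or "Add to userinfo" off):
# the attribute is set in Keycloak but never reaches TheHive.
SAMPLE_USERINFO_NO_MAPPER = {"sub": "c0ffee", "email": "analyst@thehive.local"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# Constructed, unsigned ID token for inspecting claims only; a real token is
# verified by TheHive against the provider, this one is never to be accepted.
SAMPLE_ID_TOKEN = ".".join([
    _b64url(b'{"alg":"RS256","typ":"JWT"}'),
    _b64url(json.dumps({"sub": "c0ffee", "org": "test22"}).encode()),
    _b64url(b"fake-signature"),
])


def decode_jwt_payload(token: str) -> dict:
    """Return a JWT payload WITHOUT verifying it, purely to see which claims
    a mapper added to the token versus the userinfo response."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def resolve_organisation(userinfo: dict, field_name: str, default_org: str):
    """Assumed TheHive lookup at SSO auto-creation: the userinfo field named by
    user.organisationFieldName wins, else user.defaults.organisation.
    Returns (organisation, came_from_claim)."""
    value = userinfo.get(field_name)
    if isinstance(value, str) and value.strip():
        return value.strip(), True
    return default_org, False


def diagnose(userinfo: dict, field_name: str, default_org: str) -> str:
    org, from_claim = resolve_organisation(userinfo, field_name, default_org)
    if from_claim:
        return f"OK: user would be created in organisation '{org}'"
    return (f"MISSING: claim '{field_name}' absent from userinfo, TheHive falls "
            f"back to '{org}'; check the client-scope mapper and requested scopes")


if __name__ == "__main__":
    print(diagnose(SAMPLE_USERINFO, "org", "default"))
    print(diagnose(SAMPLE_USERINFO_NO_MAPPER, "org", "default"))
```

To run it against a live setup, replace the constructed dictionaries with the JSON returned by the realm's userinfo endpoint for a test user.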