Open cosmin-harangus opened 2 years ago
I wasn't even aware that Keycloak supports subgroups prior to this, so I don't think it's possible with the plugin right now.
However, it should be easy to change the code in UserModelFactory
to support this, perhaps using something like this StackOverflow answer as a base:
https://stackoverflow.com/a/59888309
Subgroups in the response JSON could then be recognized as being keys in a "group array", e.g.:
{ "groups": ["mainGroup[subGroup], someOtherGroup"] }
.
Unfortunately, I don't have the time to implement this, but I encourage you to create a PR if you have the time :)
In case someone else will work on this in the future:
Maybe identifying groups would work better with group paths used in KC, not names.
e.g. { "groups": ["/parent/child", "/another/path", "backward-compatible-group-name-w-current-behaviour" ] }
Until this is implemented, there's a workaround that might work for others: prepopulate all groups in KC and use unique names for subgroups. UserModelFactory will pick a proper subgroup if its name is unique within your realm.
I have a Keycloak installation which contains multiple company groups with subgroups (Owner, Admin, Member). I am trying to use the plugin to migrate users from the old auth system to the new one and assign the users to the groups for each of the company.
Since assigning to a group is based on the group name I can't find a way to assign a user to a subgroup, especially since the subgroups all have the same name for each company group.
Can you let me know if that is possible with the current implementation? Wouldn't it be better to use the id instead of the name?