Closed quambel closed 1 year ago
You'll need to use a keycloak_generic_protocol_mapper.
Many thanks for the quick response. Unfortunately, it's not clear to me how to control the "New Role Name" field (from the UI) via Terraform. Could you give me an example please? Quote: "The supported keys depends on the protocol mapper". How do I know the keys?
Thanks in advance.
@quambel I figured out the field names by "inspect element" in my web browser. I don't know if they're officially documented anywhere.
@james-callahan Thanks for the hint. I was able to find out the name for the "New Role Name" input field. For the Dropdowns I could not find the name.
The issue was useful: https://github.com/mrparkers/terraform-provider-keycloak/issues/811
Just use the values from the Java class: https://github.com/carlosthe19916/repeidtest/tree/7e956f55ee30cf7d4e9086d6760246773dfb044d/manager/services/src/main/java/org/keycloak/protocol/oidc/mappers
Example:

```hcl
resource "keycloak_generic_protocol_mapper" "argocd_rolemapped_role_mapping" {
  realm_id        = keycloak_realm.myrealm.id
  client_id       = keycloak_openid_client.myclient.id
  protocol        = "openid-connect"
  protocol_mapper = "oidc-role-name-mapper"
  name            = "to-admin-role-rolemapper"
  config = {
    "role"          = "argocd_admin"
    "new.role.name" = "admin"
  }
}
```
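A fuller version of the same setup, added here as an example and not taken from the issue or the provider's own docs: it declares the realm role the mapper refers to and wires the mapper to the client's dedicated scope (setting client_id on a keycloak_generic_protocol_mapper is what the UI shows under "argocd-dedicated" -> "Mappers"). The realm, client and role names are assumptions.

```hcl
# Assumed realm and client; adjust to your environment.
resource "keycloak_realm" "myrealm" {
  realm   = "myrealm"
  enabled = true
}

resource "keycloak_openid_client" "argocd" {
  realm_id              = keycloak_realm.myrealm.id
  client_id             = "argocd"
  name                  = "argocd"
  access_type           = "CONFIDENTIAL"
  standard_flow_enabled = true
  valid_redirect_uris   = ["https://argocd.example.invalid/auth/callback"]
}

# Application-specific realm role. Keeping one role per application
# (argocd_admin rather than a shared "admin") is what lets you separate
# rights between applications while still satisfying Argo CD's default
# "admin" group name.
resource "keycloak_role" "argocd_admin" {
  realm_id    = keycloak_realm.myrealm.id
  name        = "argocd_admin"
  description = "Administrator of Argo CD only"
}

# Role Name Mapper on the client's dedicated scope. The "role" key is the
# dropdown value from the UI: a realm role name, or, for a client role,
# "<clientId>.<roleName>" as Keycloak's RoleNameMapper parses it.
resource "keycloak_generic_protocol_mapper" "argocd_admin_to_admin" {
  realm_id        = keycloak_realm.myrealm.id
  client_id       = keycloak_openid_client.argocd.id
  protocol        = "openid-connect"
  protocol_mapper = "oidc-role-name-mapper"
  name            = "to-admin-role-rolemapper"
  config = {
    "role"          = keycloak_role.argocd_admin.name
    "new.role.name" = "admin"
  }
}
```

Referencing keycloak_role.argocd_admin.name instead of a hard-coded string keeps the mapper and the role from drifting apart if the role is renamed.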
Hello, thanks for this good provider. I'm missing only one important resource. How to configure a "Role Name Mapper" in the "Dedicated Scopes" section of an OIDC client?
Way in the UI: "Clients" -> "argocd" -> Tab "Client scopes" -> "argocd-dedicated" -> Tab "Mappers" -> "Configure new mapper" -> "Role Name Mapper"
URL within Keycloak: https://MY-KEYCLOAK-URL/admin/master/console/#/MY-REALM/clients/MY-CLIENT-UUID/clientScopes/dedicated/mappers/oidc-role-name-mapper
This function is often used to create a realm role, e.g. "argocd_admin", which is mapped to the "admin" role within the client. The role (group within argocd) admin is default and does not have to be created. So you can login directly. However, the mapping does not lose the fine-grained control of rights. There are many applications with the default role admin. Only an admin role would mean that you can no longer separate the rights between applications.
Does the resource already exist? Unfortunately I couldn't find it.
I use Keycloak version 19.0.3 and version 4.2.0 of this Terraform provider.
Thanks in advance. Jan