libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

[KEYCLOAK-3904] SSSD User Federation allow to change user groups

Browse source
This commit is contained in:
Bruno Oliveira 2016-12-14 13:00:09 -02:00
parent c67875fffc
commit f3c8c326d2
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
topics/user-federation/sssd.adoc
View file

@ -14,6 +14,9 @@ image:../../{{book.images}}/keycloak-sssd-freeipa-integration-overview.png[]
Most of the communication between {{book.project.name}} and SSSD happens through read-only D-Bus interfaces. For this reason, the only way to provision and update users is changing it at FreeIPA/IdM admin's interface. By default, it is set up only to import username, e-mail, first name, and last name — just like the LDAP federation provider.
[CAUTION]
Groups and roles and automatically registered, but not synchronized, so any changes made by the Keycloak administrator directly in Keycloak is not synchronized with SSSD.
Because it's easy to forget some configuration detail, let's go through some steps, to make sure that everything is alright.
==== FreeIPA/IdM server
@ -101,8 +104,6 @@ fi
----
{% endif %}
This script do the proper changes to `/etc/sssd/sssd.conf`:
[domain/your-hostname.local]