6005503a3d
Previously, Keycloak only supported syncing groups from an LDAP federation provider as top-level KC groups.

This approach has some limitations:
- If using multiple group mappers then there's no way to isolate the KC groups synced by each group mapper.
- If the option "Drop non-existing groups during sync" is activated then all KC groups (including the manually created ones) are deleted.
- There's no way to inherit roles from a parent KC group.

This patch introduces support to specify a prefix for the resulting group path, which effectively serves as a namespace for a group.

A path prefix can be specified via the newly introduced `Groups Path` config option on the mapper. This groups path defaults to `/` for top-level groups.

This also makes it possible to have multiple `group-ldap-mapper`s which can manage groups within their own namespace.

A `group-ldap-mapper` with a `Group Path` configured as `/Applications/App1` will only manage groups under that path. Other groups, either manually created or managed by other `group-ldap-mapper`s, are not affected.