keycloak-scim/examples/ldap
2020-07-22 14:36:15 +02:00
..
src/main LDAP polishing 2016-12-19 18:11:23 +01:00
ldap-example-users.ldif KEYCLOAK-3921 LDAP binary attributes 2016-12-13 18:31:26 +01:00
ldaprealm.json KEYCLOAK-6630 Client scopes initial support (#5076) 2018-06-08 15:38:38 +02:00
pom.xml Set version to 12.0.0-SNAPSHOT 2020-07-22 14:36:15 +02:00
README.md Simplify embedded server bootstrap in LDAP and Kerberos examples 2015-07-23 21:17:40 +02:00

Keycloak Example - LDAP

This example shows how to configure Keycloak with LDAP and use LDAP for authenticating users into Keycloak and provision data about users.

Example is using built-in ApacheDS LDAP server with preconfigured LDIF file with some example LDAP data (you can override with your own LDIF file) and preconfigured realm JSON file with LDAP Federation provider and sample set of preconfigured LDAP mappers and protocol mappers. This shows mapping of basic LDAP data (username, firstName, lastName, email), but also some custom attributes ( postal code, street) and also propagation of role mappings from LDAP to the Keycloak. LDAP mappers are used to import data from LDAP user records into user records in Keycloak database. Then there are protocol mappers, which are used to propagate the data from user record in Keycloak database into the IDToken and Access Token, which is then shown in the example application.

The example application is then showing all the basic claims of current user together with custom claims and role mappings.

Detailed steps how to make the example working:

1) Build and deploy this sample's WAR file in target/ldap-portal.war . For this example, deploy on the same server that is running the Keycloak Server, although this is not required for real world scenarios.

2) Run ApacheDS based LDAP server. You can run the command like this (assuming you're in the "ldap" directory with this example):

mvn exec:java -Pldap

This will also automatically import the LDIF from ldap-example-users.ldif into the LDAP server. Replace with your own LDIF file if you want different users.

3) Run Keycloak server and import ldaprealm.json into it through admin console. This contains the realm with preconfigured LDAP federation provider and LDAP mappers and protocol mappers. Note that there are not any roles or users in this file. All of users, roles and role mappings data will be imported automatically from LDAP.

4) Test the example. In your web browser open http://localhost:8080/ldap-portal . You can login either as jbrown with password password or as bwilson with password password . You can see that access token contains all the claims and role mappings corresponding to the LDAP data provided in LDIF.