When connecting existing systems to the SSO, the following question came up: how to link or map users/groups from Keycloak to existing users in applications behind the SSO/Web-SSO, so that they can still be used with the existing permissions and hierarchies (LDAP is not available in every application)?
Maybe someone here can help me
Many thanks for your help
Using Keycloak 12.0.4 (Distribution powered by WildFly) on CentOS 7
User and Group mapping will depend on the external IdP you are using, and the protocol it uses (e.g. OpenID Connect, SAML). In the server administration documentation (Server Administration Guide) there is information on how to create mappings for each type.
Sure. If you add a GitLab IdP, using the default provider in Keycloak (which is OpenID Connect), you can map any claims available to you through the token that is returned from GitLab to map to Keycloak Roles and Groups. Note that in order to get GitLab to return the correct information, you may have to add scopes to your request. Documentation on mapping claims and assertions can be found here: https://www.keycloak.org/docs/latest/server_admin/#_mappers
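To make the mapping side concrete from the application's point of view, here is an added example (not Keycloak's, GitLab's or the poster's code) of how an application behind the SSO can bind a Keycloak identity to one of its existing local users and derive permissions from Keycloak groups. It assumes the application has already validated the ID token (signature, issuer, audience, expiry) and now holds the decoded claims; the `groups` claim is assumed to come from a Keycloak "Group Membership" protocol mapper on the client, and the issuer URL, subject id, local user table and group-to-permission table are all constructed sample data.

```python
"""Account linking and group-to-permission mapping for an application behind
a Keycloak (OpenID Connect) SSO.  Added illustration, not Keycloak or GitLab
code.  Assumes the ID token has already been validated; only decoded claims
are handled here.  The 'groups' claim name is an assumption (Keycloak's
"Group Membership" mapper lets you choose the claim name and emits full
group paths such as "/developers" when "Full group path" is on)."""

from dataclasses import dataclass, field

# Constructed sample: decoded ID token claims as the application would see them.
SAMPLE_CLAIMS = {
    "iss": "https://sso.example.test/realms/demo",   # constructed issuer
    "sub": "6f9d0a1e-0000-4000-8000-000000000001",   # constructed subject id
    "preferred_username": "jdoe",
    "email": "jdoe@example.test",
    "email_verified": True,
    "groups": ["/developers", "/developers/backend", "/auditors"],
}


@dataclass
class LocalUser:
    """One of the application's pre-existing users with its own permissions."""
    user_id: int
    username: str
    email: str
    permissions: set = field(default_factory=set)


# Constructed sample: the application's existing local user table.
LOCAL_USERS = {
    1: LocalUser(1, "jdoe", "jdoe@example.test", {"repo:read"}),
    2: LocalUser(2, "asmith", "asmith@example.test", {"repo:read", "repo:write"}),
}

# Constructed sample: Keycloak group path -> application permissions.
GROUP_PERMISSIONS = {
    "/developers": {"repo:read"},
    "/developers/backend": {"repo:write"},
    "/auditors": {"audit:read"},
}


def link_user(claims, local_users, links):
    """Return the local user bound to these claims, or None if no safe link exists.

    links: dict mapping (iss, sub) -> local user_id; this is the application's
    persistent record of which IdP identity belongs to which local account.
    """
    key = (claims["iss"], claims["sub"])
    # 1. Prefer an existing link. (iss, sub) is the stable identifier;
    #    usernames and e-mail addresses can be changed at the IdP.
    if key in links:
        return local_users.get(links[key])
    # 2. First login: match an existing account only by a *verified* e-mail
    #    address, so an unverified address cannot claim someone else's account.
    if not claims.get("email_verified"):
        return None
    email = claims.get("email", "").lower()
    for user in local_users.values():
        if user.email.lower() == email:
            links[key] = user.user_id   # persist the binding for later logins
            return user
    # 3. No match: leave provisioning to an explicit administrative decision.
    return None


def permissions_from_groups(claims, group_permissions):
    """Translate Keycloak group paths into application permissions.
    Groups the application does not know about grant nothing."""
    granted = set()
    for group in claims.get("groups", []):
        granted |= group_permissions.get(group, set())
    return granted


def effective_permissions(claims, local_users, links, group_permissions):
    """The user's existing local permissions plus those derived from SSO groups."""
    user = link_user(claims, local_users, links)
    if user is None:
        return None
    return user.permissions | permissions_from_groups(claims, group_permissions)


if __name__ == "__main__":
    links = {}
    print(effective_permissions(SAMPLE_CLAIMS, LOCAL_USERS, links, GROUP_PERMISSIONS))
```

The design choice worth noting is the link key: the application stores `(iss, sub)` against its local user id and only falls back to e-mail matching on first login, and only when Keycloak reports `email_verified`. Matching on `preferred_username` or an unverified e-mail would let whoever controls those attributes at the IdP inherit an existing local account's permissions.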
I want to integrate and link an application such as “GitLab” with Keycloak as IdP.
Is there a detailed step by step guide on how to integrate Keycloak as IdP to provide SSO to third party applications using for example the protocols like OpenID Connect or SAML 2.0?
I’ve tried the steps in the instructions for the application.
Can you explain how I can access existing users/user rights as IdP in the application “GitLab” after the successful login/authentication in Keycloak and how the mapping between the Keycloak user and the users of the application works/happens?