APILocator.getRoleAPI().addRoleToUser(APILocator.getRoleAPI().loadBackEndUserRole(), userToModify);
Nathan I. Keiter | Lead Network Applications Programmer | I.D.E.A Council Member
Gettysburg College | Information Technology | DataSystems
Campus Box 2453 | 300 North Washington Street | Gettysburg, PA 17325
Phone:
717.337.6993
https://www.gettysburg.edu<
https://www.gettysburg.edu/>
________________________________
From:
dot...@googlegroups.com <
dot...@googlegroups.com> on behalf of Martin Hümmerich <
martin.h...@gmail.com>
Sent: Wednesday, May 5, 2021 7:43 AM
To: dotCMS User Group
Subject: [dotcms] OAuth Plugin / Authorization question
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
________________________________
Hey everybody,
we are currently doing some tests for authentication and authorization with the OAuth 2 plugin that can be found at
https://github.com/dotcms-plugins/plugin-dotcms-oauth
Our goal is to set up and manage our users in keycloak (and in keycloak only!). Furthermore, depending on the groups / roles that we assign to our keycloak users, the specific user should or should not be authorized to use the admin UI and be able to act as a backend-user.
So far, we have set up a successful authentication, but we struggle with the authorization, i.e. the group / role mapping. We have found out that we can assign a "CMS Administrator" group in keycloak which seems to determine the "CMS Admin" flag in the dotcms (marked as green in the screenshot below). We have, however, not figured out if there might be similar groups for the dotcms "Back-end User" and the "Can Login To Admin UI" flags (marked as red).
[Image6.png]
Has anybody run into the same authorization problem before and figured out how the group / role mapping works for the above access flags? If not: Is our requirement even valid, or is this just not doable?
Thanks for your time,
looking forward to any kind of answer,
Martin
--
http://dotcms.com<
https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fdotcms.com&c=E,1,2cCaR-oHvhKPRMiMva7s0zDxjS9LWA2LSr_gL5PaBHxtlQeUhxLeuccaUVl-Yk-tGDeKNUlpdSuv8LQbSX5KBg7pQdFGl1lYEUbMtPaZXyU,&typo=1> - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
dotcms+un...@googlegroups.com<mailto:
dotcms+un...@googlegroups.com>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/dotcms/b9030069-6ff5-4124-b9e4-4589fead6677n%40googlegroups.com<
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fgroups.google.com%2fd%2fmsgid%2fdotcms%2fb9030069-6ff5-4124-b9e4-4589fead6677n%2540googlegroups.com%3futm_medium%3demail%26utm_source%3dfooter&c=E,1,GntEtNfY9zLjQ7CB3Khq8oPCpuHJ67zySILveQcXQ37zOGv2FIfn_IJGYvEcrR6tOIMGiaUmWpCIc0rZwTZtM-9vYyli9sjg0qipwmGzG3SvGw3rZoE,&typo=1>.