DSpace with keycloak, what roles to use?

[Mo Raza]

I'm trying to integrate keycloak with dspace 7.3. What roles does the user need to have in order to have dspace recognize that user as an administrator or anonymous user?

I've tried Administrator and administrator and neither one of them worked.

[Tim Donohue]

Hi Mo,

At this time, "roles" in Keycloak (or OIDC) are not inherited or mapped into DSpace.  You can just login via OIDC / Keycloak and your name & email are copied into DSpace.  See the configuration documentation at https://wiki.lyrasis.org/display/DSDOC7x/Authentication+Plugins#AuthenticationPlugins-OpenIDConnect(OIDC)Authentication

So, in order to give a user Administrative privileges in DSpace, you'd have to do something like this:
1. First login as that user via Keycloak.  This will autocreate their user (Eperson) in DSpace

2. Then, have an existing Administrator login and add their created EPerson to the "Administrator" group in DSpace.  (If you don't yet have an existing Administrator login, you can create one by using the "./dspace create-administrator" commandline tool)

In the future, I think roles will be inherited...but this feature doesn't exist yet.  There is a ticket for creating this feature though at https://github.com/DSpace/DSpace/issues/8406

Tim