Re: Groups are not propagated to Opal with a Keycloak user


Yannick Marcon

Jul 1, 2020, 7:53:36 AM
to obiba...@googlegroups.com
Hi,

I am not sure I understand your setup. Which application is connected to which one, and how? Which "environment" works and which does not?

Yannick



On Wed, Jul 1, 2020 at 1:07 AM François Breton <Francoi...@dti.ulaval.ca> wrote:
I managed to set up two identical OBiBa environments with the latest versions of Agate & Opal.

I configured Agate and Opal to use a Keycloak Realm. It works OK in one environment, but in the other, I noticed that the user groups of the Agate users were not propagated to the Opal Profiles upon logon (see attached image). As a result, I cannot enforce any Opal security based on group membership.

Any clue on what Agate/Opal parameter is incorrectly configured?

Thanks,

--
You received this message because you are subscribed to the Google Groups "obiba-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to obiba-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/obiba-users/65651293-849b-435b-9020-80a958f6dff2o%40googlegroups.com.

François Breton

Jul 9, 2020, 2:28:28 PM
to obiba-users
I found the problem. In the Opal Identity Providers configuration, I had to specify the "openid profile" scopes, as well as "groups" for the "Groups Claim".

I also had to manually reset the user's already granted scopes in Agate and delete the user's profile in Opal before performing another test.

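To illustrate why both settings in the fix above matter (the requested scopes and the name of the groups claim), here is an added example of how an OpenID Connect relying party can turn the claims it receives into group memberships. This is constructed example code, not code from Opal, Agate or Keycloak; the function names, the claim samples and the treatment of a missing claim are all assumptions. It also goes a little beyond the thread by accepting a dotted claim path, since some providers nest roles under a parent claim.

```python
"""
Constructed example: mapping OIDC claims to groups in a relying party.
Names and sample claims are assumptions, not Opal's or Agate's code.
"""
from typing import Any

# "openid" is mandatory for any OIDC request; "profile" is what the
# thread's fix requests alongside it. Without the right scopes the
# provider never releases the claims the relying party wants to read.
REQUIRED_SCOPES = ("openid", "profile")

# Constructed claim sets, as they might appear in an ID token payload
# or a userinfo response (signature verification is assumed to have
# already happened before this code runs).
CLAIMS_WITH_GROUPS = {
    "sub": "alice",
    "preferred_username": "alice",
    "groups": ["analysts", "study-a"],
}
CLAIMS_WITHOUT_GROUPS = {"sub": "bob", "preferred_username": "bob"}
CLAIMS_NESTED = {"sub": "carol", "realm_access": {"roles": ["auditors"]}}


def missing_scopes(requested: str) -> list[str]:
    """Return the required scopes absent from a space-separated scope string."""
    present = set(requested.split())
    return [s for s in REQUIRED_SCOPES if s not in present]


def extract_groups(claims: dict[str, Any], groups_claim: str) -> list[str]:
    """Resolve the configured groups claim (dotted path allowed) to a
    sorted list of group names.

    A missing, empty or malformed claim yields [] so that no membership
    is granted by accident; the caller must treat [] as "no group-based
    rights", which is exactly the symptom seen in the thread when the
    claim name was not configured.
    """
    node: Any = claims
    for part in groups_claim.split("."):
        if not isinstance(node, dict) or part not in node:
            return []
        node = node[part]
    if isinstance(node, str):
        # Some providers emit a single group or a comma/space separated string.
        node = [g for g in node.replace(",", " ").split() if g]
    if not isinstance(node, list):
        return []
    return sorted({str(g) for g in node if g})


def diagnose(claims: dict[str, Any], scope: str, groups_claim: str) -> str:
    """Explain why a login produced no groups, or report the groups found.

    The order matters: a scope problem is reported before a claim problem,
    because with the wrong scopes the claim can never be present.
    """
    lacking = missing_scopes(scope)
    if lacking:
        return "missing scopes: " + " ".join(lacking)
    groups = extract_groups(claims, groups_claim)
    if not groups:
        return f"claim '{groups_claim}' absent or empty in token"
    return "groups: " + ",".join(groups)


if __name__ == "__main__":
    # The failing configuration from the thread: scopes and claim name unset.
    print(diagnose(CLAIMS_WITH_GROUPS, "", ""))
    # Scopes fixed but the claim name still wrong.
    print(diagnose(CLAIMS_WITH_GROUPS, "openid profile", "memberOf"))
    # The working configuration.
    print(diagnose(CLAIMS_WITH_GROUPS, "openid profile", "groups"))
    print(diagnose(CLAIMS_NESTED, "openid profile", "realm_access.roles"))
```

Running the block prints one line per scenario; the first two show the "no groups" outcome and the last two show the resolved memberships. In a real deployment the profile that was created while the claim was missing would still carry an empty group list, which is why the thread's author also had to reset the granted scopes and delete the stale Opal profile before re-testing.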

Yannick Marcon

Jul 9, 2020, 2:50:19 PM
to obiba...@googlegroups.com
I would like to understand: is Opal connecting via OpenID to Agate (and then to Keycloak), or directly to Keycloak?


François Breton

Jul 9, 2020, 2:58:14 PM
to obiba-users
Opal is connecting via OpenID to Agate. Agate then delegates the authentication to Keycloak via a realm that we configured in Agate.