harbor keycloak group integration example

Created on 7 Jan 2020  路  5Comments  路  Source: goharbor/harbor

If anyone can give an example how to configure harbor with keycloak groups. The documentation in harbor is little confusing. I am able to make harbor working with keycloak but not able to configure groups correctly.
What i understood is
Create groups in keycloak
create a custom mapper to have all the groups in client configuration and update that in name in harbor. Harbor populated the groups in UI.
Then for the user create a field memberof mapper which will be all the groups the user is part of in ckeycloak.
It does not work.
Any help will be nice.

areauth-integration

Most helpful comment

@adityanmishra you need to create mapper with type "Group Membership" and set the token claim name for that, then in Harbor you set the group claim to what you have set.

The single source of truth for verification, is to see the group info in ID token

All 5 comments

+1

@adityanmishra you need to create mapper with type "Group Membership" and set the token claim name for that, then in Harbor you set the group claim to what you have set.

The single source of truth for verification, is to see the group info in ID token

I'm closing this issue as the question is answered.

Thanks for the answer, @reasonerjt , but how to sync changes on keycloak groups with harbor groups?

I found out Keycloak groups get synced to Harbor when a user who belongs to that group logs into Harbor.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

clausa picture clausa  路  20Comments

roldancer picture roldancer  路  30Comments

roldancer picture roldancer  路  23Comments

jimangel picture jimangel  路  23Comments

tschwaller picture tschwaller  路  30Comments