harbor keycloak group integration example
If anyone can give an example how to configure harbor with keycloak groups. The documentation in harbor is little confusing. I am able to make harbor working with keycloak but not able to configure groups correctly.
What i understood is
Create groups in keycloak
create a custom mapper to have all the groups in client configuration and update that in name in harbor. Harbor populated the groups in UI.
Then for the user create a field memberof mapper which will be all the groups the user is part of in ckeycloak.
It does not work.
Any help will be nice.
adityanmishra
All 5 comments
+1
gbarre
on 21 Feb 2020
@adityanmishra you need to create mapper with type "Group Membership" and set the token claim name for that, then in Harbor you set the group claim to what you have set.
The single source of truth for verification, is to see the group info in ID token
reasonerjt
on 24 Feb 2020
I'm closing this issue as the question is answered.
reasonerjt
on 9 Mar 2020
Thanks for the answer, @reasonerjt , but how to sync changes on keycloak groups with harbor groups?
r-trigo
on 27 Mar 2020
I found out Keycloak groups get synced to Harbor when a user who belongs to that group logs into Harbor.
r-trigo
on 6 Aug 2020
Related issues
reasonerjt
·
3Comments
abououdine
·
3Comments
mramanathan
·
3Comments
a-kinder
·
3Comments
izhichao
·
3Comments
Most helpful comment
@adityanmishra you need to create mapper with type "Group Membership" and set the token claim name for that, then in Harbor you set the group claim to what you have set.
The single source of truth for verification, is to see the group info in ID token