From f98315b2de60f645284a161d34cc8cf4eb88bed2 Mon Sep 17 00:00:00 2001
From: Billy Tat
Date: Fri, 18 Oct 2024 16:52:36 -0700
Subject: [PATCH] Sync PR#827 (Add client roles mapping section) from upstream
---
 .../configure-keycloak-oidc.adoc | 17 +++++++++++++++++
 .../configure-keycloak-oidc.adoc | 17 +++++++++++++++++
 .../configure-keycloak-oidc.adoc | 17 +++++++++++++++++
 .../configure-keycloak-oidc.adoc | 17 +++++++++++++++++
 .../configure-keycloak-oidc.adoc | 17 +++++++++++++++++
 .../configure-keycloak-oidc.adoc | 17 +++++++++++++++++
 6 files changed, 102 insertions(+)
diff --git a/versions/latest/modules/en/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc b/versions/latest/modules/en/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
index 117b6002..97cafd6c 100644
--- a/versions/latest/modules/en/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
+++ b/versions/latest/modules/en/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
@@ -47,6 +47,9 @@ If you have an existing configuration using the SAML protocol and want to switch
 | `Token Claim Name`
 | `groups`
 
+| `Full group path`
+| `OFF`
+
 | `Add to ID token`
 | `OFF`
 
@@ -71,6 +74,9 @@ If you have an existing configuration using the SAML protocol and want to switch
 | `Included Client Audience`
 |
 
+| `Add to ID token`
+| `OFF`
+
 | `Add to access token`
 | `ON`
 |===
@@ -92,10 +98,21 @@ If you have an existing configuration using the SAML protocol and want to switch
 | `Full group path`
 | `ON`
 
+| `Add to ID token`
+| `ON`
+
+| `Add to access token`
+| `ON
+
 | `Add to user info`
 | `ON`
 |===
 
+* Go to **Role Mappings > Client Roles > realm-management** and add the following Role Mappings to all users or groups that need to query the Keycloak users.
+** query-users
+** query-groups
+** view-users
+
 == Configuring Keycloak in Rancher
 
 . In the Rancher UI, click *☰ > Users & Authentication*.
diff --git a/versions/latest/modules/zh/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc b/versions/latest/modules/zh/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
index b257fcd8..8bbffbe0 100644
--- a/versions/latest/modules/zh/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
+++ b/versions/latest/modules/zh/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
@@ -47,6 +47,9 @@
 | `Token Claim Name`
 | `groups`
 
+| `Full group path`
+| `OFF`
+
 | `Add to ID token`
 | `OFF`
 
@@ -71,6 +74,9 @@
 | `Included Client Audience`
 |
 
+| `Add to ID token`
+| `OFF`
+
 | `Add to access token`
 | `ON`
 |===
@@ -92,10 +98,21 @@
 | `Full group path`
 | `ON`
 
+| `Add to ID token`
+| `ON`
+
+| `Add to access token`
+| `ON
+
 | `Add to user info`
 | `ON`
 |===
 
+* Go to **Role Mappings > Client Roles > realm-management** and add the following Role Mappings to all users or groups that need to query the Keycloak users.
+** query-users
+** query-groups
+** view-users
+
 == 在 Rancher 中配置 Keycloak
 
 . 在 Rancher UI 中,单击 *☰ > 用户 & 认证*。
diff --git a/versions/v2.8/modules/en/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc b/versions/v2.8/modules/en/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
index 117b6002..97cafd6c 100644
--- a/versions/v2.8/modules/en/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
+++ b/versions/v2.8/modules/en/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
@@ -47,6 +47,9 @@ If you have an existing configuration using the SAML protocol and want to switch
 | `Token Claim Name`
 | `groups`
 
+| `Full group path`
+| `OFF`
+
 | `Add to ID token`
 | `OFF`
 
@@ -71,6 +74,9 @@ If you have an existing configuration using the SAML protocol and want to switch
 | `Included Client Audience`
 |
 
+| `Add to ID token`
+| `OFF`
+
 | `Add to access token`
 | `ON`
 |===
@@ -92,10 +98,21 @@ If you have an existing configuration using the SAML protocol and want to switch
 | `Full group path`
 | `ON`
 
+| `Add to ID token`
+| `ON`
+
+| `Add to access token`
+| `ON
+
 | `Add to user info`
 | `ON`
 |===
 
+* Go to **Role Mappings > Client Roles > realm-management** and add the following Role Mappings to all users or groups that need to query the Keycloak users.
+** query-users
+** query-groups
+** view-users
+
 == Configuring Keycloak in Rancher
 
 . In the Rancher UI, click *☰ > Users & Authentication*.
diff --git a/versions/v2.8/modules/zh/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc b/versions/v2.8/modules/zh/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
index b257fcd8..8bbffbe0 100644
--- a/versions/v2.8/modules/zh/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
+++ b/versions/v2.8/modules/zh/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
@@ -47,6 +47,9 @@
 | `Token Claim Name`
 | `groups`
 
+| `Full group path`
+| `OFF`
+
 | `Add to ID token`
 | `OFF`
 
@@ -71,6 +74,9 @@
 | `Included Client Audience`
 |
 
+| `Add to ID token`
+| `OFF`
+
 | `Add to access token`
 | `ON`
 |===
@@ -92,10 +98,21 @@
 | `Full group path`
 | `ON`
 
+| `Add to ID token`
+| `ON`
+
+| `Add to access token`
+| `ON
+
 | `Add to user info`
 | `ON`
 |===
 
+* Go to **Role Mappings > Client Roles > realm-management** and add the following Role Mappings to all users or groups that need to query the Keycloak users.
+** query-users
+** query-groups
+** view-users
+
 == 在 Rancher 中配置 Keycloak
 
 . 在 Rancher UI 中,单击 *☰ > 用户 & 认证*。
diff --git a/versions/v2.9/modules/en/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc b/versions/v2.9/modules/en/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
index 117b6002..97cafd6c 100644
--- a/versions/v2.9/modules/en/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
+++ b/versions/v2.9/modules/en/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
@@ -47,6 +47,9 @@ If you have an existing configuration using the SAML protocol and want to switch
 | `Token Claim Name`
 | `groups`
 
+| `Full group path`
+| `OFF`
+
 | `Add to ID token`
 | `OFF`
 
@@ -71,6 +74,9 @@ If you have an existing configuration using the SAML protocol and want to switch
 | `Included Client Audience`
 |
 
+| `Add to ID token`
+| `OFF`
+
 | `Add to access token`
 | `ON`
 |===
@@ -92,10 +98,21 @@ If you have an existing configuration using the SAML protocol and want to switch
 | `Full group path`
 | `ON`
 
+| `Add to ID token`
+| `ON`
+
+| `Add to access token`
+| `ON
+
 | `Add to user info`
 | `ON`
 |===
 
+* Go to **Role Mappings > Client Roles > realm-management** and add the following Role Mappings to all users or groups that need to query the Keycloak users.
+** query-users
+** query-groups
+** view-users
+
 == Configuring Keycloak in Rancher
 
 . In the Rancher UI, click *☰ > Users & Authentication*.
diff --git a/versions/v2.9/modules/zh/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc b/versions/v2.9/modules/zh/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
index b257fcd8..8bbffbe0 100644
--- a/versions/v2.9/modules/zh/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
+++ b/versions/v2.9/modules/zh/pages/rancher-admin/users/authn-and-authz/configure-keycloak-oidc.adoc
@@ -47,6 +47,9 @@
 | `Token Claim Name`
 | `groups`
 
+| `Full group path`
+| `OFF`
+
 | `Add to ID token`
 | `OFF`
 
@@ -71,6 +74,9 @@
 | `Included Client Audience`
 |
 
+| `Add to ID token`
+| `OFF`
+
 | `Add to access token`
 | `ON`
 |===
@@ -92,10 +98,21 @@
 | `Full group path`
 | `ON`
 
+| `Add to ID token`
+| `ON`
+
+| `Add to access token`
+| `ON
+
 | `Add to user info`
 | `ON`
 |===
 
+* Go to **Role Mappings > Client Roles > realm-management** and add the following Role Mappings to all users or groups that need to query the Keycloak users.
+** query-users
+** query-groups
+** view-users
+
 == 在 Rancher 中配置 Keycloak
 
 . 在 Rancher UI 中,单击 *☰ > 用户 & 认证*。