[Geoserver-users] Keycloak Roles

Hi All,

I’m in the process of integrating Keycloak in the manner described here:

https://docs.geoserver.org/latest/en/user/community/keycloak/index.html

This all works fine, but I’m getting unexpected results when adding further roles to protect individual layers. Having added the new role in both Keycloak and Geoserver, and then a rule to give that role read access to a particular layer, the layer in question disappears from the layer preview, rather than being the only one available. The Keycloak user being used to login has the role mapped to them, and their name appears in the top-right to indicate Geoserver has picked up the identity.

The roles must be getting passed, as the use of ROLE_AUTHENTICATED wouldn’t work otherwise. Do I need to add a Role Service, in addition to the Keycloak Adapter?

Any help would be much appreciated.

Many thanks,

Andy

Geoserver 2.15.2
Keycloak 4.8.13
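To make the layer-rule behaviour in the question concrete, here is a small checker added to this thread (not code from the thread, the GeoServer project, or the Keycloak adapter) that evaluates a constructed layers.properties-style rule set the way GeoServer's data security documentation describes it: the most specific matching rule wins, and access is granted only if one of the user's roles appears in that rule (or the rule uses `*`). The rule lines, layer names and role names are all constructed for the example, and role names are compared as exact strings, so a role spelled differently on the two sides does not match.

```python
import re

# Rule syntax: <workspace>.<layer>.<mode>=<role1>,<role2>  ('*' is a wildcard, mode is r/w/a)
RULE_RE = re.compile(r"^([^.=\s]+)\.([^.=\s]+)\.([rwa])\s*=\s*(.*?)\s*$")

def parse_rules(text):
    """Parse layers.properties-style lines into (workspace, layer, mode, roles) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        ws, layer, mode, roles = m.groups()
        rules.append((ws, layer, mode, {r.strip() for r in roles.split(",") if r.strip()}))
    return rules

def _specificity(ws, layer, rule_ws, rule_layer):
    # 2 = exact layer rule, 1 = workspace-wide rule, 0 = global catch-all, -1 = no match
    if rule_ws == ws and rule_layer == layer:
        return 2
    if rule_ws == ws and rule_layer == "*":
        return 1
    return 0 if (rule_ws, rule_layer) == ("*", "*") else -1

def can_access(rules, ws, layer, mode, user_roles):
    """Most specific matching rule wins; roles are matched as exact strings (no prefixing)."""
    best = None
    for rule_ws, rule_layer, rule_mode, roles in rules:
        if rule_mode != mode:
            continue
        s = _specificity(ws, layer, rule_ws, rule_layer)
        if s >= 0 and (best is None or s > best[0]):
            best = (s, roles)
    if best is None:
        return False  # assumption for this checker: deny when nothing matches (defaults always match)
    return "*" in best[1] or bool(best[1] & set(user_roles))

def readable_layers(rules, layers, user_roles):
    """Layers the layer preview would list for this set of granted roles."""
    return [(ws, l) for ws, l in layers if can_access(rules, ws, l, "r", user_roles)]

# Constructed sample: the two default catch-all rules plus one layer-specific read rule.
SAMPLE_RULES = "*.*.r=*\n*.*.w=ROLE_AUTHENTICATED\ntopp.states.r=ROLE_STATES\n"
LAYERS = [("topp", "states"), ("topp", "roads"), ("sf", "streams")]
```

With only ROLE_AUTHENTICATED granted, `readable_layers` drops topp:states and keeps the other two (the catch-all still applies to them), which is the symptom described in the question; granting ROLE_STATES as well returns all three.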

Hello Andrew,
in theory the role should be mapped to the user. You shouldn’t need a new role service.

Have you assigned the new role to the user on Keycloak “geoserver-client” as shown at point 4?


==

GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A - 55054 Massarosa (LU) - Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

With reference to the legislation on the processing of personal data (EU Reg. 2016/679 - General Data Protection Regulation “GDPR”), please note that every circumstance relating to this email (its content, any attachments, etc.) is data whose knowledge is reserved to the recipient(s) indicated by the sender. If the message has reached you in error, you are required to delete it; any other operation is unlawful. I would nonetheless be grateful if you could let me know.

This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.

Hi Alessio,

Thank you for your quick reply.

Yes, I assigned the role to the user in Keycloak. I’m thinking that it’s the way I’m implementing the authentication chain. It’s useful to know that the user roles should all be picked up by Geoserver, and that what I’m trying should indeed work. I suspect it’s the way I’m defining the rules, but will investigate further and report back once I’ve solved the issue.

Many thanks for your help,

Andy

On Tuesday, 21 January 2020, 13:01:54 GMT, Alessio Fabiani alessio.fabiani@anonymised.com wrote:
On Tue 21 Jan 2020 at 13:24 Andrew Chamberlain via Geoserver-users <geoserver-users@lists.sourceforge.net> wrote: