EsperoTech
Unable to map Keycloak Group to Admin in Yaade
Hi!
I searched but only found information about the default group.
I couldn't find any reference to the groupsFilter value in the documentation.
My configuration is as follows:
{
"providers": [{
"id": "keycloak-provider",
"label": "Login with Keycloak",
"provider": "keycloak",
"params": {
"clientId": "yaade-openid",
"clientSecret": "XXX",
"callbackUrl": "http://localhost:9339/callback-keycloak",
"authorizeUrl": "https://XXX/realms/master/protocol/openid-connect/auth",
"tokenUrl": "https://XXX/realms/master/protocol/openid-connect/token",
"site": "https://XXX/realms/master",
"fields": {
"username": "/preferred_username",
"groups": "/groups",
"defaultGroups": ["users"]
},
"scopes": ["openid", "email", "profile"]
}
}]
}
I need to map the Admin group from Keycloak to admin in Yaade.
Thank you.
It should work out of the box. Did you inspect your token if it actually has the admin group in your /groups field? It must be an exact match.
Yup, that worked. Thank you very much!
For anybody looking for this in the future, the way I got Yaade to work with Authentik was the following config:
{
"providers": [{
"id": "authentik",
"label": "Login with Authentik",
"provider": "oidc-discovery",
"params": {
"clientId": "SECRET",
"clientSecret": "VERYLONGSECRET",
"authorizeUrl": "https://id.myhomelab/application/o/authorize/",
"tokenUrl": "https://id.myhomelab/application/o/token/",
"callbackUrl": "https://yaade.myhomelab/callback-authentik",
"site": "https://id.myhomelab/application/o/yaade/",
"fields": {
"username": "/preferred_username",
"email": "/email",
"groups": "/groups",
"defaultGroups": ["users"]
},
"scopes": ["openid", "email", "profile"]
}
}]
}
in case it's helpful for anybody else.
Here, myhomelab is the domain I use for all of my self hosted homelab apps. So id.myhomelab is the URI for my Authentik install. Likewise, yaade.myhomelab is the URI for my Yaade installation.
This can be closed now. Again, thanks very much!
