no groups from keycloak #26

Closed
1337andre opened this issue Nov 16, 2018 · 1 comment

@1337andre

Hi,

We have a problem retrieving groups from our keycloak/redhat-sso (rh-sso version: 7.2.4) server.

I have added the group kubernetes:admin and joined the group with my user. When I kubelogin, all is fine, but the group is not set.

```
$ cat /etc/kubernetes/manifests/kube-apiserver.manifest | grep oidc
    - --oidc-issuer-url=https://xxx/auth/realms/yyy
    - --oidc-client-id=kubernetes
    - --oidc-groups-claim=groups
```

kube config

```yaml
current-context: admin-cluster.local
kind: Config
preferences: {}
users:
- name: admin-cluster.local
  user:
    auth-provider:
      config:
        client-id: kubernetes
        client-secret: 123456
        extra-scopes: profile,groups
        idp-issuer-url: https://xxx/auth/realms/yyy
      name: oidc
```

My encoded JWT looks like this.

```json
{
  "jti": "7b340f28-7593-42b7-83dc-5c562f5f3976",
  "exp": 1542377562,
  "nbf": 0,
  "iat": 1542377262,
  "iss": "https://xxx/auth/realms/yyy",
  "aud": "kubernetes",
  "sub": "53a86d82-96c8-44dc-81d4-96fe7a98247c",
  "typ": "ID",
  "azp": "kubernetes",
  "auth_time": 1542377106,
  "session_state": "4736ad4e-fbd0-46d3-b6bd-a0d5c86f47f1",
  "acr": "0",
  "name": "last, first",
  "preferred_username": "lalala",
  "given_name": "full",
  "family_name": "last",
  "email": "first.last@xxx.de"
}
```
@1337andre
Author

Hi, had to add group membership in client setting mapping.

Sorry for the inconvenience.
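
A diagnostic for the symptom in this thread, as an added example that is not part of the original issue or the project's code: it decodes an ID token's payload and compares it with the `--oidc-*` flags shown above, reporting a missing `groups` claim. The function names and the sample tokens are constructed for illustration, and the signature is not verified.

```python
import base64
import json

def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(id_token: str) -> dict:
    """Return the payload of a compact JWT. Diagnostic only: no signature check."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))

def check_token(id_token: str, issuer: str, client_id: str, groups_claim: str) -> list:
    """List mismatches between the token and the API server's --oidc-* flags."""
    claims = decode_claims(id_token)
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss does not match --oidc-issuer-url")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain --oidc-client-id")
    groups = claims.get(groups_claim)
    if groups is None:
        problems.append(f"claim '{groups_claim}' is missing, so no groups are set")
    else:
        as_list = [groups] if isinstance(groups, str) else groups
        if not (isinstance(as_list, list) and as_list
                and all(isinstance(g, str) for g in as_list)):
            problems.append(f"claim '{groups_claim}' is not a non-empty list of strings")
    return problems

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token for the demo (placeholder signature)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"

if __name__ == "__main__":
    # Constructed claims, reduced from the payload posted in the issue.
    base = {"iss": "https://xxx/auth/realms/yyy", "aud": "kubernetes",
            "preferred_username": "lalala"}
    flags = ("https://xxx/auth/realms/yyy", "kubernetes", "groups")
    print(check_token(make_sample_token(base), *flags))
    # The group value below is constructed; the real value depends on the mapper.
    fixed = dict(base, groups=["kubernetes:admin"])
    print(check_token(make_sample_token(fixed), *flags))
```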
