Manually create a group in the Keycloak Shasta
realm. New groups can be created with the Keycloak UI. In CSM, Keycloak groups must have the cn
and gidNumber
attributes,
otherwise the keycloak-users-localize
tool will fail to export the groups.
New Keycloak groups can be used to group users for authentication.
This procedure assumes that the password for the Keycloak admin
account is known. The Keycloak password is set during the software installation process.
(ncn-mw#
) The password can be obtained with the following command:
kubectl get secret -n services keycloak-master-admin-auth --template={{.data.password}} | base64 --decode
Log in to the administration console.
See Access the Keycloak User Management UI for more information.
Click the Groups
text in the Manage
section in the navigation area on the left side of the screen.
Click the Create Group
button in the groups table header.
Provide a unique name for the new group and click the Save
button.
Click on the group you wish to manage.
Navigate to the Attributes
tab.
Add the cn
attribute.
Set the Key
to cn
.
Set the Value
to the name of the group.
Click the Save
button on the bottom.
Add the gidNumber
attribute.
Set the Key
to gidNumber
.
Set the Value
to the gidNumber
of the group.
Click the Save
button on the bottom.
Once the groups are added to Keycloak, add users to the groups and follow the instructions in Re-Sync Keycloak Users to Compute Nodes in order to update the groups on the compute nodes.