Group provisioning using OpenID Connect

Hi,

I successfully enabled login into Mobilizon using OpenID Connect with Keycloak as provider. In Keycloak I enabled the user roles as an additional claim. At the moment I don’t yet know how to tell Mobilizon to make use of that claim, if it’s even possible at all. Does Mobilizon support that?

Masin

Hello,
I’m not sure I fully understand your use case.
Mobilizon supports SSO but not « role » management.

But this is an interesting topic. Feel free to share more about your project.

Hi Lahax,

thanks for your response. First, I need to clarify my wording. I wrote of « group provisioning » but forgot that « groups » might have a different meaning in Mobilizon. These are not what I’m talking about!

Mobilizon knows of 3 different roles – user, mod and admin – and I’d like for users I have in Keycloak to assign those roles in Keycloak and have Mobilizon pick them up on login. I could provide an additional claim in OIDC but I’d like to know if Mobilizon is able to make use of such a claim, and if so how to tell which claim to evaluate.

In my case I want to provide my users with different services, not only Mobilizon. Instead of assigning roles in each service I’d like to do this centrally in Keycloak.

Masin

Hi Masin,

Do you know of any other software that provides this integration?

We plan to investigate SCIM for this kind of use case.