Hi there, after a longer journey on the internet, I am starting to wonder whether it’s even possible to achieve group syncing without doing role mappings first. This extra step makes Keycloak impossible to use for organizations that rotate a ton of groups regularly.
…then I wonder if there could be a workaround, perhaps with a script running via cron? That would create assigned roles to groups, even though that wouldn’t be very pretty.
It would be amazing if somebody had a helpful pointer for me.
I haven’t found a way for Nextcloud to create the groups on-demand via whatever the user has assigned in Keycloak.
However this works:
Create a group with a role mapping for the client, let’s call the group “xyz”.
Then on the Nextcloud instance run ‘cd /var/www/html && php occ group:add xyz’
After the user logs in with SSO, ‘cd /var/www/html && php occ group:list’ should list the following:
- admin:
  - admin
- xyz:
  - usernameA
Not sure how spot on this is to everyone’s needs, but works pretty reliably for smaller instances and with “Group folders” which was my main concern.
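For the cron idea raised in the thread, one way to automate the `occ group:add` step is sketched below; this is an added example, not code from either poster or from the Nextcloud or Keycloak projects. It assumes a hypothetical text file of wanted group names (one per line, exported from Keycloak by whatever means you use), assumes group lines in the `occ group:list` output end in a colon as in the listing above, and leaves the Keycloak role mapping to be done as described in the post.

```shell
#!/bin/sh
# Added example: create in Nextcloud every wanted group that does not exist yet.
# NC_DIR is the install path used in the post; override it for other layouts.
NC_DIR=${NC_DIR:-/var/www/html}

# Wrapper around the occ invocation shown in the post.
occ() { (cd "$NC_DIR" && php occ "$@"); }

# Read `occ group:list` output on stdin, print group names only.
# Assumption: group lines end in ':' and member lines do not.
parse_occ_groups() {
    sed -n 's/^ *- \(.*\):$/\1/p'
}

# Allow only conservative names. Names come from another system, so reject
# empty names, a leading '-' (would be read as an option) and anything
# outside letters, digits, '.', '_' and '-'.
valid_group_name() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# $1 = file of wanted names (hypothetical export), $2 = file of existing names.
missing_groups() {
    while IFS= read -r name || [ -n "$name" ]; do
        valid_group_name "$name" || { echo "skipping invalid name: $name" >&2; continue; }
        grep -qxF -- "$name" "$2" || printf '%s\n' "$name"
    done < "$1"
}

# $1 = file of wanted names. Adds each missing group via occ group:add.
sync_groups() {
    existing=$(mktemp) || return 1
    occ group:list | parse_occ_groups > "$existing"
    missing_groups "$1" "$existing" | while IFS= read -r g; do
        occ group:add "$g" </dev/null
    done
    rm -f "$existing"
}

# Cron entry point: pass the wanted-groups file as the first argument.
if [ "$#" -gt 0 ]; then sync_groups "$1"; fi
```

Run it as the user that owns the Nextcloud files, since `occ` refuses to run under a different account.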