SAML SSO Issues: Single-Logout/custom metadata creation

Hello guys,
I’m new to the Zammad community. I recently installed and configured Zammad in a Docker container; at first I synced my users from LDAP, and roles are also mapped from LDAP.
I tried configuring SAML SSO authentication with Keycloak as the IdP.
After authentication it redirects me to the Zammad portal without the roles.
Following are the details:

  • Used Zammad version: 3.7
  • Used Zammad installation source: Docker
  • Operating system: Debian GNU/Linux 10
  • Browser + version: Firefox and chrome (latest)

I’m stuck at the following points and need technical assistance.

  1. How do I configure/sync the roles, either from the IdP or from LDAP, after authentication?
  2. Is there any way I can customize the SAML metadata for Zammad?
  3. How do I configure the Single-Logout feature?

Best Regards,
Sharad

I’m afraid that’s correct.
Zammad expects these attributes:

  • Name: EmailAddress-Email
  • Mapper Type: User Property
  • Property: emailAddress
  • SAML Attribute Name: email
  • SAML Attribute NameFormat: basic

This excludes roles. Roles are in general ignored by Zammad in this regard.

The only way to achieve what you want would be to synchronize your LDAP source (which should contain the same user base) and allow those users to log in via SAML. This should provide the required role permissions.

Alternatively, you could also apply agent or admin roles once to the user, as Zammad will not overwrite them if no LDAP sync is in place.

Note that this doesn’t matter to customer users, as Zammad will apply the default signup role for that.
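The reply above describes a mapping in which the service provider consumes only the "email" attribute (NameFormat basic) and silently ignores any role attribute the IdP adds. The following script, added here as an illustration and not code from Zammad, Keycloak or this thread, models that behaviour: it parses a constructed SAML assertion that carries both an email attribute (as a Keycloak "User Property" mapper would emit it) and a Role attribute, maps the user from the email only, and reports which attributes are dropped and which use a NameFormat other than basic. The issuer, assertion ID, e-mail address and role values are made up for the example; the helper names (`parse_attributes`, `map_user`, `audit_assertion`) are this example's own, not a Zammad API.

```python
# Added example: models the attribute mapping described in the reply.
# Not Zammad's or Keycloak's code; issuer, IDs, e-mail and role values are constructed.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

# Attribute names the service provider consumes. Per the reply, Zammad reads
# only "email"; everything else in the AttributeStatement is ignored.
CONSUMED = {"email"}

# Constructed sample (not captured from a real IdP), shaped like the output of a
# Keycloak "User Property" mapper with SAML Attribute Name "email" / NameFormat
# "Basic", plus a Role attribute such as a role-list mapper would add.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    ID="ID_constructed_0001" Version="2.0" IssueInstant="2021-01-01T00:00:00Z">
  <saml:Issuer>https://keycloak.example.test/auth/realms/demo</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">alice</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue xsi:type="xs:string">alice@example.test</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue xsi:type="xs:string">Agent</saml:AttributeValue>
      <saml:AttributeValue xsi:type="xs:string">Admin</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def parse_attributes(assertion_xml):
    """Return {Name: (NameFormat, [values...])} for every Attribute in the assertion.

    Only the AttributeStatement is read here. A real SP must first validate the
    Response/Assertion signature, Audience, NotBefore/NotOnOrAfter and the
    InResponseTo binding; trusting attributes before that is an auth bypass.
    """
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = (attr.get("NameFormat"), values)
    return attrs


def map_user(assertion_xml):
    """Mimic an SP that consumes only 'email'. Returns (profile, ignored_attribute_names)."""
    attrs = parse_attributes(assertion_xml)
    if "email" not in attrs or not attrs["email"][1]:
        raise ValueError("assertion carries no 'email' attribute; user cannot be mapped")
    profile = {"email": attrs["email"][1][0]}
    ignored = sorted(name for name in attrs if name not in CONSUMED)
    return profile, ignored


def audit_assertion(assertion_xml):
    """Explain why an assertion may not map the way an administrator expects."""
    findings = []
    attrs = parse_attributes(assertion_xml)
    for name, (fmt, _values) in attrs.items():
        if fmt != BASIC:
            findings.append(f"attribute {name!r} uses NameFormat {fmt!r}, not basic")
    if "email" not in attrs:
        findings.append("no 'email' attribute: the SP cannot identify the user")
    for name in sorted(set(attrs) - CONSUMED):
        findings.append(f"attribute {name!r} is not consumed by the SP and is ignored")
    return findings


if __name__ == "__main__":
    print(map_user(SAMPLE_ASSERTION))
    for line in audit_assertion(SAMPLE_ASSERTION):
        print("-", line)
```

Run against the sample, `map_user` returns a profile containing only the e-mail address and lists `Role` as ignored, which is exactly why a login that relies on IdP roles arrives without permissions; if the email attribute is renamed or emitted with a URI NameFormat, `audit_assertion` reports that instead, and `map_user` refuses to map the user at all.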

No, sorry.

Zammad does not provide such a functionality, I’m sorry.
