[RHDHBUGS-2481]: Add LDAP UUID sign-in resolver setup instructions #2042

Open: themr0c wants to merge 10 commits into redhat-developer:main from themr0c:rhdhbugs-2481-ldap-uuid-resolver
themr0c commented Apr 14, 2026

IMPORTANT: Do Not Merge - To be merged by Docs Team Only

Version(s): 1.8+
Issue: https://issues.redhat.com/browse/RHDHBUGS-2481
Preview: https://redhat-developer.github.io/red-hat-developers-documentation-rhdh/pr-2042/control-access_authentication-in-rhdh/

Summary

  • Add new procedure proc-configure-the-ldap-uuid-sign-in-resolver-for-rhbk.adoc documenting how to set up the oidcLdapUuidMatchingAnnotation resolver when using Keycloak with LDAP user federation
  • Add oidcLdapUuidMatchingAnnotation to the Keycloak resolver reference list with xref to the new procedure
  • Include the new procedure in assembly-enable-authentication-with-rhbk.adoc

The procedure covers Keycloak client scope setup (custom ldap_uuid scope with User Attribute mapper) and RHDH resolver configuration (ldapUuidKey parameter).

Source material: redhat-developer/rhdh#2937, redhat-developer/rhdh#2980

🤖 Generated with Claude Code

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com

Add procedure for configuring the oidcLdapUuidMatchingAnnotation resolver
when using Keycloak with LDAP user federation. Covers Keycloak client scope
setup and RHDH resolver configuration. Also add the resolver to the
Keycloak resolver reference list.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

rhdh-bot commented Apr 14, 2026

Content Quality Assessment Results

CQA Report

  • CQA-00a: Orphaned modules
  • CQA-00b: Directory structure
  • CQA-01: Vale AsciiDoc DITA compliance
  • CQA-02: Verify assembly structure
  • CQA-03: Verify content type metadata
  • CQA-04: Verify module templates
  • CQA-05: Verify required modular elements
  • CQA-06: Verify assemblies follow official template (one user story)
  • CQA-07: Verify TOC depth (max 3 levels)
  • CQA-08: Verify short description content quality
  • CQA-09: Verify short description format
  • CQA-10: Verify titles are brief, complete, and descriptive
  • CQA-11: Verify procedure prerequisites
  • CQA-12: Verify grammar and style (Vale)
  • CQA-13: Verify content matches declared type
  • CQA-14: Verify no broken links
  • CQA-15: Check redirects
  • CQA-16: Verify official product names
  • CQA-17: Verify legal disclaimers for preview features

Summary

Checks: 19 total, 19 pass, 0 fail


Automated CQA check run on the entire repository — 2026-04-15 18:26:32 UTC


rhdh-bot commented Apr 14, 2026

Updated preview: https://redhat-developer.github.io/red-hat-developers-documentation-rhdh/pr-2042/ @ 4/15/2026, 6:33:54 PM

= Configure the LDAP UUID sign-in resolver for {rhbk-brand-name}

[role="_abstract"]
When you use {rhbk-brand-name} with LDAP user federation, you can configure the `oidcLdapUuidMatchingAnnotation` sign-in resolver to match users by their immutable LDAP UUID.
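
Review bot: the abstract says the resolver matches users "by their immutable LDAP UUID" but does not say what that UUID is compared against on the {product} side. The resolver name ends in `MatchingAnnotation`, so state in the abstract or in a prerequisite that the catalog user entities must already carry the LDAP UUID as an annotation; otherwise a reader can complete every step and still have sign-in fail to resolve a user.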

Suggested change
When you use {rhbk-brand-name} with LDAP user federation, you can configure the `oidcLdapUuidMatchingAnnotation` sign-in resolver to match users by their immutable LDAP UUID.
When you use {rhbk-brand-name} with LDAP user federation, configure the `oidcLdapUuidMatchingAnnotation` sign-in resolver to match users by their immutable LDAP UUID for secure user resolution.

The idea is to make it clear that for production environments, we should recommend setting up this resolver for best security practices.

. Go to *Clients* > your {product} client > *Client scopes*.
Click *Add client scope* and add `ldap_uuid` as a *Default* scope.

. Add the `oidcLdapUuidMatchingAnnotation` resolver to your `{my-app-config-file}` file:
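
Review bot: the step "add `ldap_uuid` as a *Default* scope" should say why *Default* matters. Keycloak applies default client scopes to every token issued for the client, while an optional scope applies only when the sign-in request asks for it, so a reader who picks *Optional* gets tokens without the UUID claim. Consider adding a verification step that confirms the issued token contains the claim before the resolver step that follows.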

This snippet is not mandatory. If ldapUuidKey is not configured, it'll default to ldap_uuid.
