<div dir="ltr">Perhaps a little too quick to email ... I just found the "Group Membership" option in the client mapper which would work nicely. Is there a role version of this out of interest?</div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Feb 22, 2016 at 5:33 PM, gambol <span dir="ltr"><<a href="mailto:gambol99@gmail.com" target="_blank">gambol99@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hiya ...<div><br></div><div>I was wondering if it's possible as of 1.9.0 to change or map the roles of a user into new claim .. The reason I ask is <a href="https://github.com/kubernetes/kubernetes/pull/21001/files" target="_blank">https://github.com/kubernetes/kubernetes/pull/21001/files</a>. I know the current implementation uses something akin to the below in the access token.</div><div><br></div><div><div>"resource_access": {</div><div> "client_id": {</div><div> "roles": [</div><div> "role-a",</div><div> "role-b",</div><div> "role-c"</div><div> ]</div><div> },</div><div> "account": {</div><div> "roles": [</div><div> "view-profile",</div><div> "manage-account"</div><div> ]</div><div> }</div><div> },</div></div><div><br></div><div>Any chance via a mapper we could use an string array?</div><div><br></div><div>Rohith</div></div>
</blockquote></div><br></div>