<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">Hello,</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">I’m mailing here as I found a bug, but I’m not sure if it’s an expected result.</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">According to the documentation (<a href="https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/groups.html">https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/groups.html</a>)</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><span style="color: rgb(51, 51, 51); font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; font-variant-ligatures: normal; letter-spacing: 0.2px; orphans: 3; widows: 3;">Groups in Keycloak allow you to manage a common set of attributes and role mappings for a set of users. Users can be members of zero or more groups. <b>Users inherit the attributes and role mappings assigned to each group</b>.</span></div><div><br></div><div>Then, I assume that if I assign a role to a group, and it appears in the ‘Effective Roles’ tab of the group, any user inside of the group will inherit the roles.</div><div><br></div><div>The problem: I’ve been testing with a simple OpenID Connect client in confidential mode, and the user doesn’t have any of this roles (I exposed Role as a mapper using User Realm Role mapper) and fetched the roles using an OIDC client.</div><div><br></div><div>However, if I assign the roles directly to the user, the roles are returned as expected, in the User Info endpoint.</div><div><br></div><div>Is it possible that there is a bug in the group system that is not giving the proper roles to the underneath users?</div><div><br></div><div>Thanks a lot for your time, and have a nice week!</div><br><div class="bloop_sign" id="bloop_sign_1474989213917261056"><div style="font-family:helvetica,arial;font-size:13px">— </div><div style="font-family:helvetica,arial;font-size:13px">Best Regards, </div><div style="font-family:helvetica,arial;font-size:13px"><br>Erik Berdonces Bonelo<br></div></div></body></html>