[keycloak-user] common roles within multiple clients

Bill Burke bburke at redhat.com
Sun Aug 2 12:43:42 EDT 2015


Java EE requires a flat role scheme.  In this case, what you would have 
to do is define some client mappers (Role Name Mapper) that map a role 
into another role name in the JWT claim.  Then, in your client 
keycloak.json file, pick either "use-resource-role-mappings" : false or 
true depending on how you've mapped it.

On 8/2/2015 12:39 PM, Tim Dudgeon wrote:
> Thanks. That does the job.
> So it's either realm roles or client roles, but there's no option to have
> the union of both?
>
> Tim
>
> On 02/08/2015 14:08, Bill Burke wrote:
>> Your client adapter config should have:
>>
>>      "use-resource-role-mappings" : false,
>>
>> On 8/2/2015 4:04 AM, Tim Dudgeon wrote:
>>> Because that doesn't seem to work. I already tried it.
>>> I added a realm role to a user, but it does not allow to authenticate
>>> from a client app.
>>> In my understanding realm roles are for managing the realm, not for
>>> client applications?
>>>
>>> Tim
>>>
>>> On 02/08/2015 04:31, Tair Sabirgaliev wrote:
>>>> Why not specify roles at realm level and apply them once for a user?
>>>>
>>>> http://keycloak.github.io/docs/userguide/html/roles.html
>>>>
>>>>
>>>>> On 2 Aug 2015, at 3:03, Tim Dudgeon <tdudgeon.ml at gmail.com> wrote:
>>>>>
>>>>> I have a keycloak realm that contains a number of clients (app1, app2,
>>>>> app3 ...).
>>>>> Those clients share a set of common roles (user, editor, manager ...).
>>>>> Is there a way I can directly assign those roles to the keycloak user so
>>>>> that they apply across all clients?
>>>>> The only approach I can find is to set up each of those roles for every
>>>>> client (e.g. for 5 clients set up 5 sets of identical roles) and then
>>>>> for each client apply the relevant roles to each of the users (e.g.
>>>>> repeat the same process for every user/client combination).
>>>>> Is there a better way?
>>>>>
>>>>> Thanks
>>>>> Tim
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
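
The trade-off discussed in this thread, modelled as an added example (not code from the thread or from Keycloak): the adapter reads either the realm roles or the client's roles from the token, and a role-name mapping applied beforehand can fold both into one flat set. The claim names `realm_access` and `resource_access` follow Keycloak's access-token layout; the sample claims, the helper names, and the `client.role` naming used to address a client role are assumptions of this sketch.

```python
import copy

# Constructed sample access-token claims; client and role names are illustrative.
SAMPLE_CLAIMS = {
    "realm_access": {"roles": ["user", "editor"]},
    "resource_access": {"app1": {"roles": ["manager"]}},
}

def _bucket(claims, client):
    """Return the role list for a client, or for the realm when client is None."""
    if client is None:
        return claims.setdefault("realm_access", {}).setdefault("roles", [])
    access = claims.setdefault("resource_access", {})
    return access.setdefault(client, {}).setdefault("roles", [])

def _split(name):
    """Assumed naming in this sketch: 'client.role' is a client role, 'role' a realm role."""
    client, sep, role = name.partition(".")
    return (client, role) if sep else (None, name)

def map_role_name(claims, role, new_role_name):
    """Model of a role-name mapping: if the token carries `role`, rename it."""
    out = copy.deepcopy(claims)
    src_client, src_role = _split(role)
    source = _bucket(out, src_client)
    if src_role not in source:
        return out  # user does not hold the role; nothing to rename
    source.remove(src_role)
    dst_client, dst_role = _split(new_role_name)
    target = _bucket(out, dst_client)
    if dst_role not in target:
        target.append(dst_role)
    return out

def effective_roles(claims, resource, use_resource_role_mappings):
    """Roles the application sees: one source or the other, never the union."""
    if use_resource_role_mappings:
        roles = claims.get("resource_access", {}).get(resource, {}).get("roles", [])
    else:
        roles = claims.get("realm_access", {}).get("roles", [])
    return set(roles)

def flat_roles_for(claims, resource):
    """Fold every realm role into `resource`'s client roles, then read client roles."""
    for role in list(claims.get("realm_access", {}).get("roles", [])):
        claims = map_role_name(claims, role, f"{resource}.{role}")
    return effective_roles(claims, resource, use_resource_role_mappings=True)
```

Without any mapping, `app1` sees only `manager` when the setting is true and only `user` and `editor` when it is false; `flat_roles_for` shows the mapped token yielding all three under the true setting.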
