[keycloak-user] Role to claim mapping

Gonzalo López lopez.m.gonzalo at gmail.com
Tue Sep 29 15:42:21 EDT 2015

I'm trying to test the Identity broker to achieve cross domain sso, this is
what I have done:

1 - Installed jboss 6.4 eap + keycloak + keycloak eap6 adapter in host A
2 - Installed jboss 6.4 eap + keycloak in host B
3 - In host A, I added an oidc Identity Provider (importing host B openid
connect configuration).
4 - In host A, I created an application (appa.war) that will try to use the
broker to authenticate. I added security to the app (only user with role
"user" will be able to access some parts)
5 - In host B, I added 2 oidc clients (the broker from host A and appb,
appb (appb.war) is a simple application developed to log in using oidc)
6 - In host B, I created a role "testrole" inside appb and a user
"testuser", then I added that role to the user.

I couldn't find out how to map the role "testrole" to a claim that will be
sent to the broker once the user has authenticated. Is there a way to do

After I accomplish that I plan to map that claim to the role appa.user.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150929/0f16e063/attachment.html 

More information about the keycloak-user mailing list