[keycloak-user] Role to claim mapping

Bill Burke bburke at redhat.com
Wed Sep 30 10:26:43 EDT 2015


I am confused on what you want to do.  Please talk in terms of Keycloak 
A, Keycloak B, App C, App D.

On 9/30/2015 9:23 AM, Gonzalo López wrote:
> testuser has some roles in host B (testrole in this example), I want to
> put the roles as a claim in the token so when host A receives the token
> it maps the claim to roles in host A
>
> I already did the second part (mapping in host A), but I still can't
> find out how to put the roles in a claim.
>
>     On 9/29/2015 3:42 PM, Gonzalo López wrote:
>      > I'm trying to test the Identity broker to achieve cross domain sso, this
>      > is what I have done:
>      >
>      > 1 - Installed jboss 6.4 eap + keycloak + keycloak eap6 adapter in host A
>      > 2 - Installed jboss 6.4 eap + keycloak in host B
>      > 3 - In host A, I added an oidc Identity Provider (importing host B
>      > openid connect configuration).
>      > 4 - In host A, I created an application (appa.war) that will try to use
>      > the broker to authenticate. I added security to the app (only user with
>      > role "user" will be able to access some parts)
>      > 5 - In host B, I added 2 oidc clients (the broker from host A and appb,
>      > appb (appb.war) is a simple application developed to log in using oidc)
>      > 6 - In host B, I created a role "testrole" inside appb and a user
>      > "testuser", then I added that role to the user.
>      >
>      > I couldn't find out how to map the role "testrole" to a claim that will
>      > be sent to the broker once the user has authenticated. Is there a way to
>      > do that?
>      >
>      > After I accomplish that I plan to map that claim to the role appa.user.
>      >
>
>     OIDC and SAML Identity Providers have mappers.  Host A broker will
>     receive the token from Host B.  You can map the testrole to whatever
>     claim you want.
>
>
>     --
>     Bill Burke
>     JBoss, a division of Red Hat
>     http://bill.burkecentral.com
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

