[keycloak-user] Can't retrieve group roles in access token

Marek Posolda mposolda at redhat.com
Mon Aug 1 15:13:05 EDT 2016


On 01/08/16 11:16, Cedric Falletta wrote:
>
> Hello,
>
> I recently installed keycloak 2.0.0 and I’m having trouble retrieving 
> the roles of my users in the access token.
>
> I made a simple test in which I created a user “WebUser” and a group 
> “GROUP-Website”. I added the role “GROUP-Website” to my “WebUser” and 
> then assigned the role “ROLE-Website” to this group. User should then 
> inherit from this role.
>
Yes, it should work and the role should be inherited. So either you 
misconfigured something, or maybe your client doesn't have a scope mapping 
for that role? You can try with the "Full scope allowed" switch enabled 
and see if it helps.

Marek

> I then configured a client which maps groups and roles to my access 
> tokens. It works well, but I can’t find “ROLE-Website”. Note that if I 
> add a specific role directly to the user, it will be present in the 
> access token. My problem here is then only related to the roles of my 
> groups not being assigned to the user.
>
> As far as I understood from other issues, these roles should be 
> present in the token. Can you then tell me if I somehow misconfigured 
> the client or the mapper?
>
> Thank you,
>
> Cédric

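To see which roles a token actually carries while testing the "Full scope allowed" suggestion above, the access token payload can be decoded and compared against the expected role. This is an added example, not part of the original thread or Keycloak's own code; the sample token is constructed, and the `groups` claim name is an assumption that depends on how the group mapper is configured.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_claims(jwt: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature.
    For inspecting what was issued only; never use this for authorization."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return json.loads(b64url_decode(parts[1]))

def roles_in_token(claims: dict) -> dict:
    """Collect realm roles and per-client roles from the token's role claims."""
    found = {"realm": set(claims.get("realm_access", {}).get("roles", []))}
    for client, access in claims.get("resource_access", {}).items():
        found[client] = set(access.get("roles", []))
    return found

def missing_roles(jwt: str, expected: set) -> set:
    """Roles from `expected` that appear nowhere in the token."""
    present = set().union(*roles_in_token(token_claims(jwt)).values())
    return expected - present

def _make_sample(claims: dict) -> str:
    # Constructed sample token; the signature segment is a dummy value.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.sig"

# Constructed payload mirroring the situation in the thread: the group is
# mapped into the token, but the role assigned to the group is absent.
SAMPLE = _make_sample({
    "preferred_username": "webuser",
    "groups": ["GROUP-Website"],  # claim name is an assumption (mapper setting)
    "realm_access": {"roles": ["offline_access"]},
    "resource_access": {"account": {"roles": ["view-profile"]}},
})

if __name__ == "__main__":
    print(roles_in_token(token_claims(SAMPLE)))
    print("missing:", missing_roles(SAMPLE, {"ROLE-Website"}))
```

Running the same check on a token issued before and after changing the client's scope settings shows whether the scope mapping was what kept the role out.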