[keycloak-user] Update roles at login time between 2 realms

Thibault Vernadat tve at quartetfs.com
Fri May 20 05:22:17 EDT 2016


Hello,

What I am trying to achieve is the following:

I have two realms with one client each. Let's call them realm A and realm B.

Users from realm B can access my application of realm A, because I added 
realm B as a keycloak openid connect identity provider in realm A.

The first time a user from realm B accesses my realm A client, this creates a 
user in realm A for this client, and I map some roles for this client.

So far so good. My issue now is: let's say my client initially had a 
role R in realm B, and at first login this role was mapped for this user 
in realm A. If the realm B admin removes role R from this user, I want 
this role to be removed as well in realm A. Or added if a new role that 
should be mapped was added.

Is there a way to update roles the next time this user tries to authenticate 
in the realm A app? Or should I use another mechanism to keep my roles 
consistent between my realms?

Thanks a lot in advance for your help.
