[keycloak-user] External Role to Role Mapper

Adam Keily adam.keily at adelaide.edu.au
Wed Apr 19 22:28:31 EDT 2017


Hi All,

I'm running KC 2.5.1. In the following scenario, the role mapper 'External Role to Role' doesn't seem to work correctly.

I have two KC realms. Realm A is an IdP for Realm B. In the IdP config on realm B, I configure an External Role to Role mapper to map the role "Test".

During the first broker login of a user from Realm B to Realm A, the user is created and the role is mapped successfully.

If the role is removed from the user in Realm A and the user then signs in again from Realm B, the role is not re-added.

Similarly, the role is not added if there is an existing user in Realm A and they create a federation link with Realm B.

I have noticed an error though if I try to map to a non-existent role in Realm A.

Can anyone tell me if this is by design, resolved in a later release or an issue I should raise a JIRA about?

Thanks
Adam

