[keycloak-user] External Role to Role Mapper

Hynek Mlnarik hmlnarik at redhat.com
Thu Apr 20 04:35:44 EDT 2017


Could you please file a JIRA issue? The External Role to Role mapper
is OIDC-specific, while KEYCLOAK-4378 fixed an issue with the SAML
attribute mapper.

--Hynek

On Thu, Apr 20, 2017 at 7:48 AM, Adam Keily <adam.keily at adelaide.edu.au> wrote:
> Found this and thought it may have been resolved in 2.5.5. Upgraded and tested again but Role mappings are still not being updated correctly.
>
> https://issues.jboss.org/browse/KEYCLOAK-4378?jql=project%20%3D%20keycloak%20and%20fixVersion%20%3D%202.5.4.Final
>
> -----Original Message-----
> From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Adam Keily
> Sent: Thursday, 20 April 2017 11:59 AM
> To: keycloak-user <keycloak-user at lists.jboss.org>
> Subject: [keycloak-user] External Role to Role Mapper
>
> Hi All,
>
> I'm running KC 2.5.1. In the following scenario, the role mapper 'External Role to Role' doesn't seem to work correctly.
>
> I have two KC realms. Realm A is an IdP for Realm B. In the IdP config on realm B, I configure an External Role to Role mapper to map the role "Test".
>
> During the first broker login of a user from Realm B to Realm A, the user is created and the role is mapped successfully.
>
> If the role is removed from the user in Realm A, then the user signs in again from Realm B, the role is not re-added.
>
> Similarly, the role is not added if there is an existing user in Realm A and they create a federation link with Realm B.
>
> I have noticed an error though if I try to map to a non-existent role in Realm A.
>
> Can anyone tell me if this is by design, resolved in a later release or an issue I should raise a JIRA about?
>
> Thanks
> Adam
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user


