[keycloak-user] Group's attributes not being mapped to users?

Andy Yar andyyar66 at gmail.com
Mon Jun 11 09:51:19 EDT 2018


Hello,
I use Keycloak 3.4.1.Final and the keycloak-js NPM package as the client.

My use case employs a single level group hierarchy and users who
belong to one of the groups. Each group has an attribute.

For example, an attribute department_full_name. Thus users working in the
same department could be grouped together and each would inherit its
department_full_name attribute from the group.

This way it feels natural to me.

I've googled a relevant discussion:
http://lists.jboss.org/pipermail/keycloak-user/2015-December/004042.html

Also, the Server Administration confirms this behavior by stating: "The
Attributes and Role Mappings tab work exactly as the tabs with similar
names under a user. Any attributes and role mappings you define will
be inherited by the groups and users that are members of this group."

However, it doesn't seem to work for me using the Bearer OpenID Connect
scheme. The decoded JWT structure simply doesn't contain my mapped
attribute (in id_token or access_token). It contains both the roles mapped
from the group and the directly set user's attribute, but not the group-mapped
attribute...

Am I missing something obvious here? Thanks

Andy

