<div dir="ltr">testuser has some roles in host B (testrole in this example). I want to put the roles as a claim in the token so that when host A receives the token, it maps the claim to roles in host A.<div><br></div><div>I already did the second part (mapping in host A), but I still can't find out how to put the roles in a claim.</div><div><br><div class="gmail_extra"><br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
<br>
<br>
On 9/29/2015 3:42 PM, Gonzalo López wrote:<br>
> I'm trying to test the Identity broker to achieve cross domain sso, this<br>
> is what I have done:<br>
><br>
> 1 - Installed jboss 6.4 eap + keycloak + keycloak eap6 adapter in host A<br>
> 2 - Installed jboss 6.4 eap + keycloak in host B<br>
> 3 - In host A, I added an oidc Identity Provider (importing host B<br>
> openid connect configuration).<br>
> 4 - In host A, I created an application (appa.war) that will try to use<br>
> the broker to authenticate. I added security to the app (only users with<br>
> role "user" will be able to access some parts)<br>
> 5 - In host B, I added 2 oidc clients (the broker from host A and appb,<br>
> appb (appb.war) is a simple application developed to log in using oidc)<br>
> 6 - In host B, I created a role "testrole" inside appb and a user<br>
> "testuser", then I added that role to the user.<br>
><br>
> I couldn't find out how to map the role "testrole" to a claim that will<br>
> be sent to the broker once the user has authenticated. Is there a way to<br>
> do that?<br>
><br>
> After I accomplish that I plan to map that claim to the role appa.user.<br>
><br>
<br>
OIDC and SAML Identity Providers have mappers. Host A broker will<br>
receive the token from Host B. You can map the testrole to whatever<br>
claim you want.<br>
<br>
<br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" rel="noreferrer" target="_blank">http://bill.burkecentral.com</a><br>
<br>
<br></blockquote></div></div></div></div>
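The claim-to-role step discussed in this thread, as an added example that is not part of the original messages or Keycloak's own code: it checks a token's signature, reads the roles host B placed in a claim, and maps `testrole` to `appa.user` while dropping anything unmapped. Assumptions: the roles arrive under `resource_access.<client>.roles`, the token and key are constructed, and HS256 is used only to keep the demo standard-library-only (a real broker would verify the signature with host B's realm key instead).

```python
import base64, hashlib, hmac, json

DEMO_KEY = b"constructed-demo-key"     # constructed; stands in for host B's signing key
ROLE_MAP = {"testrole": "appa.user"}   # host B role -> host A role (hypothetical table)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims: dict, key: bytes = DEMO_KEY) -> str:
    """Build a constructed HS256 token standing in for the one host B issues."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = f"{header}.{b64url(json.dumps(claims).encode())}"
    return f"{signing_input}.{b64url(sign(signing_input, key))}"

def verified_claims(token: str, key: bytes = DEMO_KEY) -> dict:
    """Return the claims only after the algorithm and signature check out."""
    try:
        header, body, sig = token.split(".")
        alg = json.loads(b64url_decode(header)).get("alg")
        got = b64url_decode(sig)
    except (ValueError, AttributeError):
        raise ValueError("malformed token") from None
    if alg != "HS256":                 # pin the algorithm, never follow the header
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sign(f"{header}.{body}", key), got):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

def mapped_roles(claims: dict, client: str = "appb") -> set:
    """Map roles under resource_access.<client>.roles; unmapped roles are dropped."""
    access = claims.get("resource_access")
    entry = access.get(client) if isinstance(access, dict) else None
    roles = entry.get("roles") if isinstance(entry, dict) else None
    if not isinstance(roles, list):
        return set()                   # no role claim means no roles granted
    return {ROLE_MAP[r] for r in roles if isinstance(r, str) and r in ROLE_MAP}

if __name__ == "__main__":
    token = make_token({"sub": "testuser",
                        "resource_access": {"appb": {"roles": ["testrole", "other"]}}})
    print(mapped_roles(verified_claims(token)))
```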