<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 01/08/16 11:16, Cedric Falletta
wrote:<br>
</div>
<blockquote
cite="mid:1C804824EDF10B4AA15EC8C813517738015E3D06FE@QUIQUILFUS.lampiris.local"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US">I recently installed
keycloak 2.0.0 and I’m having troubles retrieving the roles
of my users in the access token.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I made a simple test in
which I created a user “WebUser” and a group
“GROUP-Website”. I added the role “GROUP-Website” to my
“WebUser” and then assigned the role “ROLE-Website” to this
group. User should then inherit from this role.</span></p>
</div>
</blockquote>
Yes, it should work and role should be inherited. So you either
mis-configure something, or your client doesn't have scope mapping
for that role maybe? You can try with switch "Full scope allowed"
enabled and see if it helps.<br>
<br>
Marek<br>
<br>
<blockquote
cite="mid:1C804824EDF10B4AA15EC8C813517738015E3D06FE@QUIQUILFUS.lampiris.local"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I then configured a
client which maps groups and roles to my access tokens. It
works well, but I can’t find “ROLE-Website”. Note that if I
add a specific role directly to the user, it will be present
in the access token. My problem here is then only related to
the roles of my groups not being assigned to the user.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">As far as I understood
from other issues, these roles should be present in the
token. Can you then tell me if I somehow misconfigured the
client or the mapper ?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Thank you,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Cédric<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<div style="font-size:11pt; color: #00552E; font-family:
Helvetica, arial ,sans-serif;">
</div>
<div style="background-color:transparent;">
<div style="font-size:11pt; color: #00552E; font-family:
Helvetica, arial ,sans-serif;">
<br>
<b>Lampiris SA/NV</b><br>
<span style="colour:#00552E">Rue Saint-Laurent, 54. 4000 -
Liège. Belgique</span></div>
</div>
<div><a moz-do-not-send="true" href="https://www.lampiris.be/isol"><img
moz-do-not-send="true" alt="Lampiris"
src="https://tools.lampiris.be/maillingbe/Lampiris-signature.png"></a></div>
<table style="max-width: 400px; font-size: 9pt; font-family:
helvetica, arial, sans-serif; color: #00552E;">
<tbody>
<tr>
<td style="padding-right:4px;padding-bottom:4px;"><a
moz-do-not-send="true"
href="https://facebook.com/lampirisEU" style=" display:
inline-block; text-decoration: none;" target="_blank"><img
moz-do-not-send="true" alt="Facebook"
src="https://tools.lampiris.be/maillingbe/pictos-social-facebook.jpg"
style="border:none;" height="30" width="30"></a></td>
<td style="padding-right:4px;padding-bottom:4px;"><a
moz-do-not-send="true"
href="https://twitter.com/lampiris" style=" display:
inline-block; text-decoration: none;" target="_blank"><img
moz-do-not-send="true" alt="Twitter"
src="https://tools.lampiris.be/maillingbe/pictos-social-twitter.jpg"
style="border:none;" height="30" width="30"></a></td>
<td style="padding-right:4px;padding-bottom:4px;"><a
moz-do-not-send="true"
href="https://www.linkedin.com/company/lampiris" style="
display: inline-block; text-decoration: none;"
target="_blank"><img moz-do-not-send="true"
alt="LinkedIn"
src="https://tools.lampiris.be/maillingbe/pictos-social-link.jpg"
style="border:none;" height="30" width="30"></a></td>
<td style="padding-right:4px;padding-bottom:4px;"><a
moz-do-not-send="true"
href="https://plus.google.com/110992956589822085996"
style=" display: inline-block; text-decoration: none;"
target="_blank"><img moz-do-not-send="true"
alt="Google+"
src="https://tools.lampiris.be/maillingbe/pictos-social-G.jpg"
style="border:none;" height="30" width="30"></a></td>
<td style="padding-right:4px;padding-bottom:4px;"><a
moz-do-not-send="true"
href="https://youtube.com/user/lampirismedia" style="
display: inline-block; text-decoration: none;"
target="_blank"><img moz-do-not-send="true"
alt="YouTube"
src="https://tools.lampiris.be/maillingbe/pictos-social-youtube.jpg"
style="border:none;" height="30" width="30"></a></td>
<td style="padding-right:4px;padding-bottom:4px;"><a
moz-do-not-send="true"
href="https://instagram.com/lampiris" style=" display:
inline-block; text-decoration: none;" target="_blank"><img
moz-do-not-send="true" alt="Instagram"
src="https://tools.lampiris.be/maillingbe/pictos-social-insta.jpg"
style="border:none;" height="30" width="30"></a></td>
</tr>
</tbody>
</table>
<p style="font-size:8pt; color: #00552E; line-height:10pt;
font-family: 'Helvetica','arial',sans-serif;">
Please consider the environment before printing this e-mail</p>
<p style="font-size:8pt; line-height:10pt; font-family:
'Helvetica','arial',sans-serif;">
This message contains confidential information and is intended
only for the individual(s) addressed in the message.<br>
If you are not the addressee you are notified that
disseminating, distributing or copying this e-mail is strictly
prohibited.
</p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>