<div dir="ltr">Roles are a Keycloak specific extension and are not shown in the OpenID Connect configuration. They are available in the access token.</div><div class="gmail_extra"><br><div class="gmail_quote">On 14 September 2016 at 08:52, Andy Stebbing <span dir="ltr"><<a href="mailto:andy.stebbing@adelaide.edu.au" target="_blank">andy.stebbing@adelaide.edu.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
I'm fairly new to OpenID Connect and Keycloak (using version 2.2.0-CR1 and RedHat SSO v7), I've managed to get a client working with a realm within Keycloak. I've configured the client in the realm using a shared key and have configured my remote client accordingly. It works fine for authentication and I'm getting the standard claims back. But I don't know how to get the roles associated with the user to come through. I can see in the endpoint OpenID connect configuration on the server that the following claims are supported:<br>
<br>
"claim_types_supported": [<br>
"normal"<br>
],<br>
"claims_parameter_supported": false,<br>
"claims_supported": [<br>
"sub",<br>
"iss",<br>
"auth_time",<br>
"name",<br>
"given_name",<br>
"family_name",<br>
"preferred_username",<br>
"email"<br>
]<br>
<br>
Does this mean that it's not possible to get the roles from the userinfo call? Or if it is possible, how do I configure it to be supported?<br>
<br>
Any help is very much appreciated !<br>
<br>
Thanks<br>
andy<br>
<br>
______________________________<wbr>_________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-user</a><br>
</blockquote></div><br></div>