I’m considering migrating a custom authentication and authorization framework to Keycloak. I like Keycloak’s authentication support and role-to-user mapping capabilities. However, I haven’t seen a feature to replace the granular permission support we have in our custom framework. We assign permissions to individual roles and use them to secure resources such as application pages, specific fields within a page, buttons, menu items, etc.

One option that may work is the Protocol Mapping feature mentioned in this blog post: http://blog.keycloak.org/2015/03/customizing-keycloak.html. I would like to use a custom Protocol Mapper to store a permission map within a token for the roles associated with a user. Can someone point me to documentation that outlines how to write a custom Protocol Mapper and configure Keycloak to use it?

Thanks,
Scott