Sorry guys, any feedback?
On Fri, Feb 24, 2017 at 6:49 PM, Salvatore Incandela <
salvatore.incandela(a)redhat.com> wrote:
Yes in my case I've:
*Keycloak A* Shows the Login Form with the Usr and Pwd fields and the IDP
button. When I authenticate with IDP I want to import the user roles from
Keycloak B, here my configuration:
*Identity Provider Mappers *
*Mapper Type=Attribute Importer*
*Claim=hd_role*
*User Attribute Name=roles*
*Keycloak B* give the "full_access_role" to the user:
Client Mapper
Mapper Type=Hardcoded Role
name=hd_role
Role=full_access_role
This configuration doesn't work, how I have to configure Keycloak A in
order to import the roles from Keycloak B into the database?
On Fri, Feb 24, 2017 at 4:55 PM, Bill Burke <bburke(a)redhat.com> wrote:
> You mean you are doing identity brokering with a parent keycloak
> instance? Look at Mappers. There are "Claim to Role" and "External
> Role To Role" mappers. The tooltips will explain what they do. What
> you have to do is map claims from the external IDP into user attributes
> and role mappings for the user imported into your Keycloak instance.
> Then you map from the common user model to the token claims you want
> generated for your application. Hope that makes sense.
>
>
> On 2/24/17 10:36 AM, Salvatore Incandela wrote:
> > Hi guys, I've done several tries but I'm still having the same
> question: is
> > possible to populate user roles given by an identity provider (another
> > keycloak instance) getting those from the json claim?
> >
> > On Thu, Feb 23, 2017 at 5:56 PM, Salvatore Incandela <
> > salvatore.incandela(a)redhat.com> wrote:
> >
> >> Hi guys, is possible to populate user roles given by an identity
> provider
> >> (another keycloak instance) getting those from the json claim?
> >>
> >> --
> >> Salvatore Incandela
> >> Middleware Consultant
> >> ------------------------------
> >> Red Hat -
www.redhat.com
> >> Via Andrea Doria 41M
> >> 00192 Roma (Italy)
> >> Mobile +39 349 6196615 <+39%20349%20619%206615>
> >> Fax +39 06 39728535 <+39%2006%203972%208535>
> >> E-mail salvatore.incandela(a)redhat.com
> >>
> >
> >
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Salvatore Incandela
Middleware Consultant
------------------------------
Red Hat -
www.redhat.com
Via Andrea Doria 41M
00192 Roma (Italy)
Mobile +39 349 6196615 <+39%20349%20619%206615>
Fax +39 06 39728535 <+39%2006%203972%208535>
E-mail salvatore.incandela(a)redhat.com
--
Salvatore Incandela
Middleware Consultant
------------------------------
Red Hat -
Via Andrea Doria 41M
00192 Roma (Italy)
Mobile +39 349 6196615
Fax +39 06 39728535
E-mail salvatore.incandela(a)redhat.com