Hi there,

Let me try to describe the case first.

We are using a SAML 2.0 ID broker to authenticate the users. From the returned assertions, we can only get the user's ID number. As far as we know, there will be thousands of users. In the ID provider system there is no role concept, so it is not possible to return us the Role claim.

Now we want to assign roles to those users in Keycloak. We made a rule. For example, if the ID number is less than 100, we assign Role A to this user. If the ID number is between 101 and 1000, we assign Role B to it, and so on.

Of course we can do this manually, one by one, in the admin console, but for thousands of users it doesn't make much sense.

We notice there is a Mapper button when configuring the ID provider. Is there any way to achieve our goal with that mechanism?

Thanks a lot.

Mai