Re: [keycloak-user] How to handle roles from IDP manually when securing a web application with Keycloak/SAML/Wildfly

Hello. I am facing some issues. I want to secure some simple web application with Keycloak/SAML and Wildfly. My set-up is a configured Keycloak Server and a local Wildfly server (10.1.0 Final) with the Keycloak and SAML adapter installed. In my test .war file exists a simple .html file which just says "Hello World". Also in the WEB-INF folder I have the web.xml which is configured like this: <?xml version="1.0" encoding="UTF-8"?> > <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" >   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee > http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">     <display-name>Application Container</display-name>     <welcome-file-list>         <welcome-file>ApplicationContainer.html</welcome-file>     </welcome-file-list>                 <login-config>                                  <auth-method>KEYCLOAK-SAML</auth-method>                                 <realm-name>keycloak</realm-name>                 </login-config>     <security-constraint>         <display-name>Application Container Constraint</display-name>         <web-resource-collection>             <web-resource-name>All Resources</web-resource-name>             <url-pattern>/*</url-pattern>             <http-method>POST</http-method>             <http-method>GET</http-method>         </web-resource-collection>         <auth-constraint>             <role-name>hallo</role-name>         </auth-constraint>     </security-constraint> </web-app> My issue now is that this is working as long as I am sending the requested role from the IDP. But for the actual application I need to map the roles I am receiving to some local roles. I am not getting them directly from the IDP. Which brings me to the part where I thought I could use some login-module configuration from the standalone-configuration. I tried to configured this one in a file named jboss-web.xml. How am I going to achieve to be able to locally handle the role mapping? Thanks in advance. -- Linda “Amdocs’ email platform is based on a third-party, worldwide, cloud-based system. Any emails sent to Amdocs will be processed and stored using such system and are accessible by third party providers of such system on a limited basis. Your sending of emails to Amdocs evidences your consent to the use of such system and such processing, storing and access”. _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user