I am confused on what you want to do. Please talk in terms of Keycloak
A, Keycloak B, App C, App D.
On 9/30/2015 9:23 AM, Gonzalo López wrote:
testuser has some roles in host B (testrole in this example), I want to put the roles as a claim in the token so when host A receives the token it maps the claim to roles in host A.
I already did the second part (mapping in host A), but I still can't find out how to put the roles in a claim.
On 9/29/2015 3:42 PM, Gonzalo López wrote:
> I'm trying to test the Identity broker to achieve cross domain sso, this is what I have done:
>
> 1 - Installed jboss 6.4 eap + keycloak + keycloak eap6 adapter in host A
> 2 - Installed jboss 6.4 eap + keycloak in host B
> 3 - In host A, I added an oidc Identity Provider (importing host B openid connect configuration).
> 4 - In host A, I created an application (appa.war) that will try to use the broker to authenticate. I added security to the app (only users with role "user" will be able to access some parts)
> 5 - In host B, I added 2 oidc clients (the broker from host A and appb, appb (appb.war) is a simple application developed to log in using oidc)
> 6 - In host B, I created a role "testrole" inside appb and a user "testuser", then I added that role to the user.
>
> I couldn't find out how to map the role "testrole" to a claim that will be sent to the broker once the user has authenticated. Is there a way to do that?
>
> After I accomplish that I plan to map that claim to the role appa.user.
>
OIDC and SAML Identity Providers have mappers. Host A broker will
receive the token from Host B. You can map the testrole to whatever
claim you want.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
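The two halves of the flow discussed in this thread, as an added example that is not part of the mailing-list exchange and is not Keycloak code: host B issues a token that carries the user's client roles as a claim, and the broker on host A verifies that token before translating the claim through an explicit allowlist into a local role. Everything here is Python standard library so it runs offline; HS256 with a constructed shared secret stands in for the RS256 signature Keycloak would actually use, the issuer URL and the `resource_access` claim layout are constructed, and the host, client, user and role names (host A, host B, appa, appb, testuser, testrole, appa.user) are the ones from the thread.

```python
"""Added example: role claim issued on host B, verified and mapped to a local role on host A."""
import base64
import hashlib
import hmac
import json
import time

SHARED_SECRET = b"constructed-demo-secret"  # constructed; stands in for the IdP's signing key


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token_host_b(user: str, client_roles: dict, now: int = None) -> str:
    """Host B: put per-client roles into a 'resource_access' claim and sign the token."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "iss": "https://hostb.example/auth/realms/demo",  # constructed issuer
        "aud": "hosta-broker",                            # the broker client registered on host B
        "sub": user,
        "iat": now,
        "exp": now + 300,
        "resource_access": {c: {"roles": r} for c, r in client_roles.items()},
    }
    signing_input = b64url_encode(json.dumps(header).encode()) + "." + b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(SHARED_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


TRUSTED_ISSUER = "https://hostb.example/auth/realms/demo"
EXPECTED_AUD = "hosta-broker"

# Host A's claim-to-role table: (client on host B, role on host B) -> role on host A.
# Only listed pairs grant anything; every other role in the token is ignored.
CLAIM_TO_ROLE = {
    ("appb", "testrole"): "appa.user",
}


def verify_token(token: str, now: int = None) -> dict:
    """Host A: check signature, issuer, audience and expiry before any claim is trusted."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose it
        raise ValueError("unexpected alg")
    expected = hmac.new(SHARED_SECRET, (h + "." + p).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(p))
    if payload.get("iss") != TRUSTED_ISSUER:
        raise ValueError("untrusted issuer")
    if payload.get("aud") != EXPECTED_AUD:  # a single-string 'aud' is assumed here
        raise ValueError("token not intended for this broker")
    if payload.get("exp", 0) <= now:
        raise ValueError("token expired")
    return payload


def map_roles_host_a(payload: dict) -> set:
    """Host A: translate the verified claim into local roles via the allowlist."""
    granted = set()
    for client, entry in payload.get("resource_access", {}).items():
        for role in entry.get("roles", []):
            local = CLAIM_TO_ROLE.get((client, role))
            if local:
                granted.add(local)
    return granted


def broker_login(token: str, now: int = None) -> set:
    """Verification first, mapping second; a failed check raises and grants nothing."""
    return map_roles_host_a(verify_token(token, now))


if __name__ == "__main__":
    tok = issue_token_host_b("testuser", {"appb": ["testrole", "admin"]})
    print(broker_login(tok))  # {'appa.user'}: 'admin' has no mapping on host A and is dropped
```

The point of the allowlist is that roles arriving from host B are data, not authority: host A decides which foreign (client, role) pairs mean anything locally, so a role added on host B that nobody mapped grants nothing on host A, and a token that fails signature, issuer, audience or expiry checks never reaches the mapping step at all.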