Re: [keycloak-user] [Keycloak][Get identity provides roles]
You mean you are doing identity brokering with a parent keycloak
instance? Look at Mappers. There are "Claim to Role" and "External
Role To Role" mappers. The tooltips will explain what they do. What
you have to do is map claims from the external IDP into user attributes
and role mappings for the user imported into your Keycloak instance.
Then you map from the common user model to the token claims you want
generated for your application. Hope that makes sense.
On 2/24/17 10:36 AM, Salvatore Incandela wrote:
Hi guys, I've done several tries but I'm still having the
same question: is
possible to populate user roles given by an identity provider (another
keycloak instance) getting those from the json claim?
On Thu, Feb 23, 2017 at 5:56 PM, Salvatore Incandela <
salvatore.incandela(a)redhat.com> wrote:
> Hi guys, is possible to populate user roles given by an identity provider
> (another keycloak instance) getting those from the json claim?
>
> --
> Salvatore Incandela
> Middleware Consultant
> ------------------------------
> Red Hat - www.redhat.com
> Via Andrea Doria 41M
> 00192 Roma (Italy)
> Mobile +39 349 6196615 <+39%20349%20619%206615>
> Fax +39 06 39728535 <+39%2006%203972%208535>
> E-mail salvatore.incandela(a)redhat.com
>