Hi,

 

we are currently evaluating Keycloak as IDM solution for our company. In doing so we encountered the following questions according to storing authorization data:

 

1)      In the “Mapper” section it is possible to configure how user attributes are mapped to tokens/claims.  It is also possible to turn on “Multivalued” mapping, so that every value of one attribute is set as claim. But, how you can configure multiple values for one attribute? If you save another value with the same key the existing one is overwritten.

2)      One of requirements is to persist custom authorization data hierarchically and to map this data into access tokens. Is there any recommendation how to realize this in keycloak or is the only way to use flat user attributes (key/value).

 

Thanks, Sascha