Re: [keycloak-user] [Keycloak][Get identity provides roles]

You mean you are doing identity brokering with a parent keycloak instance? Look at Mappers. There are "Claim to Role" and "External Role To Role" mappers. The tooltips will explain what they do. What you have to do is map claims from the external IDP into user attributes and role mappings for the user imported into your Keycloak instance. Then you map from the common user model to the token claims you want generated for your application. Hope that makes sense. On 2/24/17 10:36 AM, Salvatore Incandela wrote: > Hi guys, I've done several tries but I'm still having the same question: is > possible to populate user roles given by an identity provider (another > keycloak instance) getting those from the json claim? > > On Thu, Feb 23, 2017 at 5:56 PM, Salvatore Incandela < > salvatore.incandela(a)redhat.com&gt; wrote: > >> Hi guys, is possible to populate user roles given by an identity provider >> (another keycloak instance) getting those from the json claim? >> >> -- >> Salvatore Incandela >> Middleware Consultant >> ------------------------------ >> Red Hat - www.redhat.com >> Via Andrea Doria 41M >> 00192 Roma (Italy) >> Mobile +39 349 6196615 <+39%20349%20619%206615> >> Fax +39 06 39728535 <+39%2006%203972%208535> >> E-mail salvatore.incandela(a)redhat.com >> > > _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user