Hi Will,
The claims are in fact reevaluated upon subsequent logons, but only in the aspect of role
revocation [1].
In other words, the role is revoked when the claim "disappears", but isn't
granted should the claim "appear". It's trivial to fix; I think you could
file a JIRA issue and maybe submit a PR. Meanwhile, you could implement and deploy your
own custom IdentityProviderMapper containing the fix.
[1] https://github.com/keycloak/keycloak/blob/master/services/src/main/java/o...
Good luck,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Fri, 2019-01-18 at 13:30 +0000, Will Osborn wrote:
Hi,
I have set up a Keycloak server and, using an identity provider, successfully set up SSO with
claims to role mappings. Is there any way to allow subsequent logons to recheck the
claims and reapply the role mappings so that if they change in the identity provider system,
those changes are passed through to Keycloak?
Thanks
Will
Will Osborn | Head of delivery
Phone +44 203 9301640
VAKT Global Ltd, Floor 24
1 Canada Square,
London, E14 5AB
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
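
A sketch of the custom IdentityProviderMapper suggested in the reply above, added here as an illustration; it is not code from the thread or from the Keycloak project. It assumes the Keycloak 4.x-era SPI, in which `ClaimToRoleMapper` inherits a protected `hasClaimValue(...)` from `AbstractClaimMapper`; the package, class name, `PROVIDER_ID` and display text are hypothetical.

```java
package com.example.keycloak; // hypothetical package

import org.keycloak.broker.oidc.mappers.ClaimToRoleMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.ConfigConstants;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;

/**
 * Claim-to-role mapper that re-evaluates the claim on every brokered login:
 * grants the role when the claim is present, revokes it when it is absent.
 * First-login behaviour (importNewUser) is inherited unchanged.
 */
public class SyncingClaimToRoleMapper extends ClaimToRoleMapper {

    // Hypothetical id; it must differ from the stock mapper's id.
    public static final String PROVIDER_ID = "oidc-role-sync-idp-mapper";

    @Override
    public String getId() {
        return PROVIDER_ID;
    }

    @Override
    public String getDisplayType() {
        return "Claim to Role (sync on every login)";
    }

    @Override
    public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user,
                                   IdentityProviderMapperModel mapperModel,
                                   BrokeredIdentityContext context) {
        String roleName = mapperModel.getConfig().get(ConfigConstants.ROLE);
        RoleModel role = KeycloakModelUtils.getRoleFromString(realm, roleName);
        if (role == null) {
            // Fail the login rather than silently skip a misconfigured mapping.
            throw new IdentityBrokerException("Unable to find role: " + roleName);
        }
        if (hasClaimValue(mapperModel, context)) { // assumed inherited helper
            user.grantRole(role);          // claim "appeared": grant
        } else {
            user.deleteRoleMapping(role);  // claim "disappeared": revoke
        }
    }
}
```

To deploy, list the class in `META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper` inside the provider JAR and select the new mapper type on the identity provider in place of the stock claim-to-role mapper.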