Java EE requires a flat role scheme. In this case, what you would have
to do is define some client mappers (Role Name Mapper) that map a role
into another role name in the JWT claim. Then in your client
keycloak.json file pick either "use-resource-role-mappings" : false or
true depending on how you've mapped it.
On 8/2/2015 12:39 PM, Tim Dudgeon wrote:
Thanks. That does the job.
So it's either realm roles or client roles, but there's no option to have
the union of both?
Tim
On 02/08/2015 14:08, Bill Burke wrote:
> Your client adapter config should have:
>
> "use-resource-role-mappings" : false,
>
> On 8/2/2015 4:04 AM, Tim Dudgeon wrote:
>> Because that doesn't seem to work. I already tried it.
>> I added a realm role to a user, but it does not allow to authenticate
>> from a client app.
>> In my understanding realm roles are for managing the realm, not for
>> client applications?
>>
>> Tim
>>
>> On 02/08/2015 04:31, Tair Sabirgaliev wrote:
>>> Why not specify roles at realm level and apply them once for a user?
>>>
>>>
>>> http://keycloak.github.io/docs/userguide/html/roles.html
>>>
>>>
>>>> On Aug 2, 2015, at 3:03, Tim Dudgeon <tdudgeon.ml(a)gmail.com> wrote:
>>>>
>>>> I have a keycloak realm that contains a number of clients (app1, app2,
>>>> app3 ...).
>>>> Those clients share a set of common roles (user, editor, manager ...).
>>>> Is there a way I can directly assign those roles to the keycloak user so
>>>> that they apply across all clients?
>>>> The only approach I can find is to set up each of those roles for every
>>>> client (e.g. for 5 clients set up 5 sets of identical roles) and then
>>>> for each client apply the relevant roles to each of the users (e.g.
>>>> repeat the same process for every user/client combination).
>>>> Is there a better way?
>>>>
>>>> Thanks
>>>> Tim
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user(a)lists.jboss.org
>>>>
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
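Added example (not part of the thread and not Keycloak's own code): a small Python model of the either/or behaviour discussed above, showing which claim of the access token the adapter consults for each value of "use-resource-role-mappings". The claim names realm_access and resource_access follow Keycloak's token layout; the user, clients and role assignments are constructed sample data, and the claims are assumed to come from a token whose signature has already been verified.

```python
# Added example: models which roles a Keycloak client adapter reads from an
# access token's claims, depending on "use-resource-role-mappings".
# The claims below are constructed sample data, not taken from the thread.

CLAIMS = {
    "preferred_username": "tim",
    # Realm-level role mappings: assigned once, visible to every client.
    "realm_access": {"roles": ["user", "editor"]},
    # Client-level role mappings, keyed by client id.
    "resource_access": {
        "app1": {"roles": ["manager"]},
        "app2": {"roles": []},
    },
}


def effective_roles(claims, adapter_config):
    """Return the flat role set the adapter exposes to the application.

    adapter_config mirrors two keys of keycloak.json: "resource" (the client
    id) and "use-resource-role-mappings" (default false).
    """
    if adapter_config.get("use-resource-role-mappings", False):
        # true: only this client's entry under resource_access is consulted.
        per_client = claims.get("resource_access", {})
        roles = per_client.get(adapter_config["resource"], {}).get("roles", [])
    else:
        # false: only realm_access is consulted; client roles are ignored.
        roles = claims.get("realm_access", {}).get("roles", [])
    return set(roles)


def report(claims, clients):
    """Map (client, setting) -> roles, to compare both settings per client."""
    out = {}
    for client in clients:
        for flag in (False, True):
            cfg = {"resource": client, "use-resource-role-mappings": flag}
            out[(client, flag)] = effective_roles(claims, cfg)
    return out


if __name__ == "__main__":
    for (client, flag), roles in sorted(report(CLAIMS, ["app1", "app2"]).items()):
        print(f"{client} use-resource-role-mappings={str(flag).lower()}: {sorted(roles)}")
```

With realm roles, a role granted once is honoured by every client in the realm, so review realm-level grants with that scope in mind.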