Thanks. In the JIRA for KEYCLOAK-4378 it's mentioned that the same issue would exist
with OIDC. I'm just wondering if it's expected behaviour or not for the Role to
Role mapper. I'd like to have one Keycloak realm act as an IdP for another and would
like to map roles between the two.
Thanks
-----Original Message-----
From: Hynek Mlnarik [mailto:hmlnarik@redhat.com]
Sent: Thursday, 20 April 2017 6:06 PM
To: Adam Keily <adam.keily(a)adelaide.edu.au>
Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: Re: [keycloak-user] External Role to Role Mapper
Could you please file a JIRA issue? The External Role to Role mapper is OIDC-specific,
while KEYCLOAK-4378 fixed an issue with the SAML attribute mapper.
--Hynek
On Thu, Apr 20, 2017 at 7:48 AM, Adam Keily <adam.keily(a)adelaide.edu.au> wrote:
Found this and thought it may have been resolved in 2.5.5. Upgraded
and tested again but Role mappings are still not being updated correctly.
https://issues.jboss.org/browse/KEYCLOAK-4378?jql=project%20%3D%20keycloak%20and%20fixVersion%20%3D%202.5.4.Final
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org
[mailto:keycloak-user-bounces@lists.jboss.org] On Behalf Of Adam Keily
Sent: Thursday, 20 April 2017 11:59 AM
To: keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: [keycloak-user] External Role to Role Mapper
Hi All,
I'm running KC 2.5.1. In the following scenario, the role mapper 'External Role
to Role' doesn't seem to work correctly.
I have two KC realms. Realm A is an IdP for Realm B. In the IdP config on realm B, I
configure an External Role to Role mapper to map the role "Test".
During the first broker login of a user from Realm B to Realm A, the user is created and
the role is mapped successfully.
If the role is removed from the user in Realm A, then the user signs in again from Realm
B, the role is not re-added.
Similarly, the role is not added if there is an existing user in Realm A and they create
a federation link with Realm B.
I have noticed an error though if I try to map to a non-existent role in Realm A.
Can anyone tell me if this is by design, resolved in a later release or an issue I should
raise a JIRA about?
Thanks
Adam
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user