Hi,
We’re using Keycloak 3.4.3 (upgrade to 4.x already planned) and use a Keycloak instance
(1) as external identity provider for another Keycloak instance (2) that runs in another
region. Unfortunately (2) can’t import the group membership (groups claim, array of group
names) from the JWT of (1).
It is possible to configure mapper
(
https://www.keycloak.org/docs/latest/server_admin/index.html#_mappers) but it seems that
it works for arbitrary user attributes and roles only.
Do you have any ideas how to import the group membership of the user?
Thanks!
Arnold