[keycloak-dev] Bug in User Roles inherited from Groups

Erik Berdonces Bonelo e.berdoncesbonelo at campus.tu-berlin.de
Tue Sep 27 11:22:03 EDT 2016


I’m mailing here as I found a bug, but I’m not sure if it’s an expected result.

According to the documentation (https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/groups.html)

Groups in Keycloak allow you to manage a common set of attributes and role mappings for a set of users. Users can be members of zero or more groups. Users inherit the attributes and role mappings assigned to each group.

Then, I assume that if I assign a role to a group, and it appears in the ‘Effective Roles’ tab of the group, any user inside of the group will inherit the roles.

The problem: I’ve been testing with a simple OpenID Connect client in confidential mode, and the user doesn’t have any of these roles (I exposed Role as a mapper using User Realm Role mapper) and fetched the roles using an OIDC client.

However, if I assign the roles directly to the user, the roles are returned as expected, in the User Info endpoint.

Is it possible that there is a bug in the group system that is not giving the proper roles to the underneath users?

Thanks a lot for your time, and have a nice week!

Best Regards, 

Erik Berdonces Bonelo
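
The check described in the message above, as an added example that is not part of the original post or of Keycloak's code: it computes the roles a user should have (direct mappings plus group mappings) and reports which ones are absent from a User Info response, with their origin. The group paths, role names, sample response and the `roles` claim name are constructed assumptions (the claim name is whatever the mapper is configured to emit), and walking parent groups goes beyond the sentence quoted from the documentation.

```python
# Constructed sample data: group paths, role names and the user are hypothetical.
GROUP_ROLES = {"/staff": {"report-viewer"}, "/staff/admins": {"realm-admin"}}
USER = {"username": "alice",
        "direct_roles": {"offline_access"},
        "groups": ["/staff/admins"]}
# Constructed User Info response showing the reported symptom:
# only the directly assigned role is present.
USERINFO = {"sub": "constructed-id", "preferred_username": "alice",
            "roles": ["offline_access"]}

def expected_roles(user, group_roles):
    """Map each expected role to its origin: 'direct' or the granting group."""
    roles = {r: "direct" for r in user["direct_roles"]}
    for path in user["groups"]:
        parts = path.strip("/").split("/")
        # Assumption: a member of /a/b also inherits mappings from parent /a.
        for depth in range(1, len(parts) + 1):
            ancestor = "/" + "/".join(parts[:depth])
            for role in group_roles.get(ancestor, ()):
                roles.setdefault(role, "group " + ancestor)
    return roles

def claim_values(userinfo, claim_path):
    """Read a claim by dotted path ('roles' or 'a.b'); empty set if absent."""
    node = userinfo
    for key in claim_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return set()
        node = node[key]
    return {node} if isinstance(node, str) else set(node)

def missing_roles(user, group_roles, userinfo, claim_path="roles"):
    """Expected roles that the response does not carry, with their origin."""
    present = claim_values(userinfo, claim_path)
    return {role: origin
            for role, origin in expected_roles(user, group_roles).items()
            if role not in present}

if __name__ == "__main__":
    for role, origin in sorted(missing_roles(USER, GROUP_ROLES, USERINFO).items()):
        print(f"missing from User Info: {role} (expected via {origin})")
```

If every missing role has a group origin while direct roles are present, the gap is in how group mappings reach the token rather than in the mapper itself.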