[keycloak-user] Role to claim mapping

Gonzalo López lopez.m.gonzalo at gmail.com
Wed Sep 30 09:23:59 EDT 2015


testuser has some roles in host B (testrole in this example). I want to put
the roles as a claim in the token, so that when host A receives the token it
maps the claim to roles in host A.

I already did the second part (mapping in host A), but I still can't find
out how to put the roles in a claim.



>
>
>
> On 9/29/2015 3:42 PM, Gonzalo López wrote:
> > I'm trying to test the Identity broker to achieve cross domain sso, this
> > is what I have done:
> >
> > 1 - Installed jboss 6.4 eap + keycloak + keycloak eap6 adapter in host A
> > 2 - Installed jboss 6.4 eap + keycloak in host B
> > 3 - In host A, I added an oidc Identity Provider (importing host B
> > openid connect configuration).
> > 4 - In host A, I created an application (appa.war) that will try to use
> > the broker to authenticate. I added security to the app (only user with
> > role "user" will be able to access some parts)
> > 5 - In host B, I added 2 oidc clients (the broker from host A and appb,
> > appb (appb.war) is a simple application developed to log in using oidc)
> > 6 - In host B, I created a role "testrole" inside appb and a user
> > "testuser", then I added that role to the user.
> >
> > I couldn't find out how to map the role "testrole" to a claim that will
> > be sent to the broker once the user has authenticated. Is there a way to
> > do that?
> >
> > After I accomplish that I plan to map that claim to the role appa.user.
> >
>
> OIDC and SAML Identity Providers have mappers.  Host A broker will
> receive the token from Host B.  You can map the testrole to whatever
> claim you want.
>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
>
>
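Added example, not code from the thread or from Keycloak: a script that creates the two mappers this exchange is about through the Keycloak admin REST API, the role-to-claim protocol mapper on host B and the claim-to-role identity provider mapper on host A. It assumes a Keycloak version whose admin API exposes the User Client Role mapper (`oidc-usermodel-client-role-mapper`) and the Claim to Role mapper (`oidc-role-idp-mapper`); the host URLs, realm names, broker client id and claim name are placeholders, and admin bearer tokens are obtained separately.

```python
import json
import urllib.request

# Assumed deployment values (not from the thread); adjust to your installation.
HOST_B = "https://hostb.example.com/auth"   # Keycloak on host B, issues the token
HOST_A = "https://hosta.example.com/auth"   # Keycloak broker on host A
REALM_B, REALM_A = "realmb", "realma"
BROKER_CLIENT_ID = "hosta-broker"           # client on host B that host A's broker logs in as
CLAIM_NAME = "hostb_roles"                  # constructed name for the custom claim


def client_role_mapper(source_client, claim_name):
    """Protocol mapper for the broker client on host B: copies the user's client
    roles of `source_client` (appb) into `claim_name` as a JSON array."""
    return {
        "name": f"{source_client}-roles-to-{claim_name}",
        "protocol": "openid-connect",
        "protocolMapper": "oidc-usermodel-client-role-mapper",
        "config": {
            "usermodel.clientRoleMapping.clientId": source_client,
            "claim.name": claim_name,
            "multivalued": "true",
            "jsonType.label": "String",
            "id.token.claim": "true",
            "access.token.claim": "true",
        },
    }


def claim_to_role_mapper(idp_alias, claim_name, claim_value, role):
    """Identity provider mapper on host A: grants `role` (client roles are written
    as clientId.roleName, e.g. appa.user) when the incoming claim holds `claim_value`."""
    return {
        "name": f"{claim_value}-to-{role}",
        "identityProviderAlias": idp_alias,
        "identityProviderMapper": "oidc-role-idp-mapper",
        "config": {"claim": claim_name, "claim.value": claim_value, "role": role},
    }


def admin_request(base, path, token, body=None):
    """GET (no body) or POST (JSON body) against the admin REST API with a bearer admin token."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(f"{base}/admin/realms/{path}", data=data,
                                 method="POST" if body is not None else "GET",
                                 headers={"Authorization": f"Bearer {token}",
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else None


def configure(token_b, token_a, idp_alias="hostb"):
    # The protocol-mappers endpoint needs the client's internal id, not its clientId.
    client = admin_request(HOST_B, f"{REALM_B}/clients?clientId={BROKER_CLIENT_ID}", token_b)[0]
    admin_request(HOST_B, f"{REALM_B}/clients/{client['id']}/protocol-mappers/models", token_b,
                  client_role_mapper("appb", CLAIM_NAME))
    admin_request(HOST_A, f"{REALM_A}/identity-provider/instances/{idp_alias}/mappers", token_a,
                  claim_to_role_mapper(idp_alias, CLAIM_NAME, "testrole", "appa.user"))
```

The claim mapper sits on the host B client that host A's broker authenticates as, because that is the client the token is issued to; host A then trusts whatever that claim says, so only the specific values you expect should be mapped to local roles.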