[keycloak-user] Update roles at login time between 2 realms

Bill Burke bburke at redhat.com
Fri May 20 08:53:15 EDT 2016


A better question is, why are you using 2 realms and creating the same 
user in each?


On 5/20/16 5:22 AM, Thibault Vernadat wrote:
> Hello,
>
> What I am trying to achieve is the following:
>
> I have two realms with one client each. Let's call them realm A and 
> realm B.
>
> Users from realm B can access my application of realm A, because I 
> added realm B as a keycloak openid connect identity provider in realm A.
>
> First time a user from realm B accesses my realm A client, this creates a 
> user in realm A for this client, and I map some roles for this client.
>
> So far so good. My issue now is: let's say my client initially had a 
> role R in realm B, and at first login this role was mapped for this 
> user in realm A, if the realm B admin removes role R from this user, I 
> want this role to be removed as well in realm A. Or added if a new 
> role that should be mapped was added.
>
> Is there a way to update roles next time this user tries to authenticate 
> in the realm A app? Or should I use another mechanism to keep my 
> roles consistent between my realms?
>
> Thanks a lot in advance for your help.
