[keycloak-user] [Keycloak][Get identity provides roles]

Salvatore Incandela salvatore.incandela at redhat.com
Fri Feb 24 12:49:43 EST 2017


Yes in my case I've:

*Keycloak A* Shows the Login Form with the Usr and Pwd fields and the IDP
button. When I authenticate with IDP I want to import the user roles from
Keycloak B, here my configuration:
*Identity Provider Mappers *
*Mapper Type=Attribute Importer*
*Claim=hd_role*

*User Attribute Name=roles*

*Keycloak B* give the "full_access_role" to the user:
Client Mapper
Mapper Type=Hardcoded Role
name=hd_role
Role=full_access_role

This configuration doesn't work, how I have to configure Keycloak A in
order to import the roles from Keycloak B into the database?



On Fri, Feb 24, 2017 at 4:55 PM, Bill Burke <bburke at redhat.com> wrote:

> You mean you are doing identity brokering with a parent keycloak
> instance?  Look at Mappers.  There are "Claim to Role" and "External
> Role To Role" mappers.  The tooltips will explain what they do.  What
> you have to do is map claims from the external IDP into user attributes
> and role mappings for the user imported into your Keycloak instance.
> Then you map from the common user model to the token claims you want
> generated for your application.  Hope that makes sense.
>
>
> On 2/24/17 10:36 AM, Salvatore Incandela wrote:
> > Hi guys, I've done several tries but I'm still having the same question:
> is
> > possible to populate user roles given by an identity provider (another
> > keycloak instance) getting those from the json claim?
> >
> > On Thu, Feb 23, 2017 at 5:56 PM, Salvatore Incandela <
> > salvatore.incandela at redhat.com> wrote:
> >
> >> Hi guys, is possible to populate user roles given by an identity
> provider
> >> (another keycloak instance) getting those from the json claim?
> >>
> >> --
> >> Salvatore Incandela
> >> Middleware Consultant
> >> ------------------------------
> >> Red Hat - www.redhat.com
> >> Via Andrea Doria 41M
> >> 00192 Roma (Italy)
> >> Mobile +39 349 6196615 <+39%20349%20619%206615>
> >> Fax +39 06 39728535 <+39%2006%203972%208535>
> >> E-mail salvatore.incandela at redhat.com
> >>
> >
> >
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>



-- 
Salvatore Incandela
Middleware Consultant
------------------------------
Red Hat - www.redhat.com
Via Andrea Doria 41M
00192 Roma (Italy)
Mobile +39 349 6196615
Fax +39 06 39728535
E-mail salvatore.incandela at redhat.com


More information about the keycloak-user mailing list