[keycloak-user] [Keycloak][Get identity provides roles]

Salvatore Incandela salvatore.incandela at redhat.com
Mon Feb 27 09:09:25 EST 2017 

Sorry guys, any feedback?

On Fri, Feb 24, 2017 at 6:49 PM, Salvatore Incandela <
salvatore.incandela at redhat.com> wrote:

> Yes in my case I've:
>
> *Keycloak A* Shows the Login Form with the Usr and Pwd fields and the IDP
> button. When I authenticate with IDP I want to import the user roles from
> Keycloak B, here my configuration:
> *Identity Provider Mappers *
> *Mapper Type=Attribute Importer*
> *Claim=hd_role*
>
> *User Attribute Name=roles*
>
> *Keycloak B* give the "full_access_role" to the user:
> Client Mapper
> Mapper Type=Hardcoded Role
> name=hd_role
> Role=full_access_role
>
> This configuration doesn't work, how I have to configure Keycloak A in
> order to import the roles from Keycloak B into the database?
>
>
>
> On Fri, Feb 24, 2017 at 4:55 PM, Bill Burke <bburke at redhat.com> wrote:
>
>> You mean you are doing identity brokering with a parent keycloak
>> instance?  Look at Mappers.  There are "Claim to Role" and "External
>> Role To Role" mappers.  The tooltips will explain what they do.  What
>> you have to do is map claims from the external IDP into user attributes
>> and role mappings for the user imported into your Keycloak instance.
>> Then you map from the common user model to the token claims you want
>> generated for your application.  Hope that makes sense.
>>
>>
>> On 2/24/17 10:36 AM, Salvatore Incandela wrote:
>> > Hi guys, I've done several tries but I'm still having the same
>> question: is
>> > possible to populate user roles given by an identity provider (another
>> > keycloak instance) getting those from the json claim?
>> >
>> > On Thu, Feb 23, 2017 at 5:56 PM, Salvatore Incandela <
>> > salvatore.incandela at redhat.com> wrote:
>> >
>> >> Hi guys, is possible to populate user roles given by an identity
>> provider
>> >> (another keycloak instance) getting those from the json claim?
>> >>
>> >> --
>> >> Salvatore Incandela
>> >> Middleware Consultant
>> >> ------------------------------
>> >> Red Hat - www.redhat.com
>> >> Via Andrea Doria 41M
>> >> 00192 Roma (Italy)
>> >> Mobile +39 349 6196615 <+39%20349%20619%206615>
>> >> Fax +39 06 39728535 <+39%2006%203972%208535>
>> >> E-mail salvatore.incandela at redhat.com
>> >>
>> >
>> >
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
>
> --
> Salvatore Incandela
> Middleware Consultant
> ------------------------------
> Red Hat - www.redhat.com
> Via Andrea Doria 41M
> 00192 Roma (Italy)
> Mobile +39 349 6196615 <+39%20349%20619%206615>
> Fax +39 06 39728535 <+39%2006%203972%208535>
> E-mail salvatore.incandela at redhat.com
>



-- 
Salvatore Incandela
Middleware Consultant
------------------------------
Red Hat - www.redhat.com
Via Andrea Doria 41M
00192 Roma (Italy)
Mobile +39 349 6196615
Fax +39 06 39728535
E-mail salvatore.incandela at redhat.com

More information about the keycloak-user mailing list