[keycloak-user] identity broker role mapping bug?

Simon Payne simonpayne58 at gmail.com
Wed Oct 25 09:46:14 EDT 2017


Hi, I think I may have found a bug in the identity provider mapping of
claims to roles.

It appears that if I have an identity provider with claims in the token,
which I want to map to a role in the identity broker, then it only does
this once, during the first-time login. If I remove the claim from the
identity provider token, then this successfully removes it from the broker,
but it never remaps if I then add it again.

The scenario I am trying to create here is that the identity provider is
responsible for authentication, where Active Directory groups appear as a
claim in the token. The broker then maps this claim to the role providing
the authorization.

This behaviour appears to be the same whether I map a broker role to a
custom claim or to a realm role in the provider token.

Hope this makes sense, thanks.

Simon.
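
The reconciliation the post expects from the broker, as an added example that is not part of the original message and not Keycloak's own code. It models an identity broker that derives realm roles from identity-provider token claims, runs the claim-to-role mappers on every login, and only touches roles it granted itself, so roles an admin assigned directly survive a claim disappearing. Beside it is a model of the behaviour the post reports (grant on first login, revoke when the claim disappears, never grant again). The mapping table, the user state and the three sample tokens are constructed for the illustration; the function and claim names are assumptions, not Keycloak identifiers.

```python
"""Claim-to-role reconciliation on every login versus first-login-only mapping.

Added illustration, not Keycloak code. The mapping table, tokens and user
state below are constructed for the example.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Hypothetical mapper configuration: (claim path, claim value) -> broker role.
CLAIM_TO_ROLE = {
    ("groups", "AD-Finance"): "finance",
    ("groups", "AD-Admins"): "admin",
    ("realm_access.roles", "auditor"): "auditor",
}

# Constructed tokens for the three logins described in the post.
LOGINS = [
    {"sub": "1", "groups": ["AD-Finance"]},  # first login: claim present
    {"sub": "1", "groups": []},              # claim removed at the IdP
    {"sub": "1", "groups": ["AD-Finance"]},  # claim added back again
]


@dataclass
class BrokeredUser:
    username: str
    roles: set[str] = field(default_factory=set)
    # Roles granted by mappers, kept apart from roles an admin assigned directly
    # so that reconciliation never revokes a direct assignment.
    mapped_roles: set[str] = field(default_factory=set)
    login_count: int = 0


def claim_values(token: dict, path: str) -> set[str]:
    """Resolve a dotted claim path; missing claims yield an empty set."""
    node = token
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return set()
        node = node[part]
    if isinstance(node, list):
        return {str(v) for v in node}
    return {str(node)}


def roles_from_token(token: dict) -> set[str]:
    """Roles the mapping table grants for the claims present in this token."""
    return {
        role
        for (claim, value), role in CLAIM_TO_ROLE.items()
        if value in claim_values(token, claim)
    }


def _apply(user: BrokeredUser, added: set[str], removed: set[str]) -> None:
    user.roles = (user.roles - removed) | added
    user.mapped_roles = (user.mapped_roles - removed) | added
    user.login_count += 1


def reconcile_on_login(user: BrokeredUser, token: dict) -> tuple[set[str], set[str]]:
    """Expected behaviour: re-evaluate the mappers on every login.

    Returns (added, removed) so the caller can write an audit record.
    """
    wanted = roles_from_token(token)
    added = wanted - user.mapped_roles
    removed = user.mapped_roles - wanted
    _apply(user, added, removed)
    return added, removed


def login_as_reported(user: BrokeredUser, token: dict) -> tuple[set[str], set[str]]:
    """Model of the behaviour the post reports: roles are granted only on the
    first login; later logins only revoke roles whose claim disappeared and
    never grant a role again once its claim returns."""
    wanted = roles_from_token(token)
    if user.login_count == 0:
        added, removed = wanted - user.mapped_roles, set()
    else:
        added, removed = set(), user.mapped_roles - wanted
    _apply(user, added, removed)
    return added, removed


def simulate(policy) -> list[set[str]]:
    """Run the three logins against a policy; return the roles after each."""
    user = BrokeredUser("simon")
    history = []
    for token in LOGINS:
        policy(user, token)
        history.append(set(user.roles))
    return history


if __name__ == "__main__":
    print("reconcile each login:", simulate(reconcile_on_login))
    print("as reported         :", simulate(login_as_reported))
```

Running the two policies over the same three tokens shows the divergence the post describes at the third login: the reconciling broker restores the finance role as soon as the group claim reappears, while the reported behaviour leaves the user without it. Keeping mapper-granted roles separate from directly assigned ones is what makes the per-login revoke step safe to run unconditionally.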

