[keycloak-user] Keycloak as external Identity Provider fails on group import
Arnold Bechtoldt
mail at arnoldbechtoldt.com
Tue Jul 10 05:41:14 EDT 2018
Hi,
We’re using Keycloak 3.4.3 (upgrade to 4.x already planned) and use a Keycloak instance (1) as external identity provider for another Keycloak instance (2) that runs in another region. Unfortunately (2) can’t import the group membership (groups claim, array of group names) from the JWT of (1).
It is possible to configure mapper (https://www.keycloak.org/docs/latest/server_admin/index.html#_mappers) but it seems that it works for arbitrary user attributes and roles only.
Do you have any ideas how to import the group membership of the user?
Thanks!
Arnold
More information about the keycloak-user
mailing list