[keycloak-user] Comma separated attribute value to roles

Brent Yarger byarger at redhat.com
Thu May 17 19:18:29 EDT 2018


Hello,
I am using Keycloak (Red Hat SSO 7.2) as an identity broker for a SAML
v2.0 identity provider. The SAML XML that I get back has an attribute named
"groups" with a value of a comma-separated list of user roles.

Example:

<saml:Attribute Name="groups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">
        Admin,User,Auditor,Manager
    </saml:AttributeValue>
</saml:Attribute>


Is it possible to map the "groups" attribute to all of the roles in the
list? In the above example, the user would then have four roles assigned --
Admin, User, Auditor, and Manager.

Thanks,
Brent
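
Added example, not part of the original post and not Keycloak mapper code: a sketch of the splitting logic the question asks for, applied to a constructed copy of the "groups" attribute above. It assumes the assertion has already been signature-validated by the broker; the KNOWN_ROLES allowlist and the function name are hypothetical, and the allowlist is there so that an IdP-supplied string cannot grant a role the broker does not already define.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the attribute from the post, wrapped in a minimal
# AttributeStatement so that the saml/xsi prefixes resolve.
SAMPLE = """\
<saml:AttributeStatement
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Attribute Name="groups"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xsi:type="xs:string">
        Admin,User,Auditor,Manager
    </saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

# Hypothetical allowlist: roles that exist locally and may be granted from the IdP.
KNOWN_ROLES = {"Admin", "User", "Auditor", "Manager"}


def roles_from_attribute(statement_xml, attr_name="groups", known=KNOWN_ROLES):
    """Return (granted, rejected) role names from a comma-separated attribute."""
    root = ET.fromstring(statement_xml)
    granted, rejected = [], []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") != attr_name:
            continue
        for value in attr.iterfind("saml:AttributeValue", SAML_NS):
            # The value carries leading/trailing whitespace and newlines,
            # so every token is trimmed and empty tokens are skipped.
            for token in (value.text or "").split(","):
                name = token.strip()
                if not name:
                    continue
                # Exact, case-sensitive match: "admin" is not "Admin".
                bucket = granted if name in known else rejected
                if name not in bucket:
                    bucket.append(name)
    return granted, rejected


if __name__ == "__main__":
    print(roles_from_attribute(SAMPLE))
```

Names that land in the rejected list are worth logging, since they show the IdP asserting a group the broker has no role for.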

