[keycloak-user] Comma separated attribute value to roles
Brent Yarger
byarger at redhat.com
Thu May 17 19:18:29 EDT 2018
Hello,
I am using Keycloak (Red Hat SSO 7.2) as an identity broker for a SAML
v2.0 identity provider. The SAML XML that I get back has an attribute named
"groups" with a value of a comma-separated list of user roles.
Example:
  <saml:Attribute Name="groups"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xsi:type="xs:string">
      Admin,User,Auditor,Manager
    </saml:AttributeValue>
  </saml:Attribute>
Is it possible to map the "groups" attribute to all of the roles in the
list? In the above example, the user would then have four roles assigned --
Admin, User, Auditor, and Manager.
Thanks,
Brent
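
The mapping asked about above, as an added example that is not part of the original post and does not use Keycloak's mapper API: Python that splits the "groups" value into role names, trims the whitespace around the value, and grants only names on an allowlist. It also accepts a multi-valued attribute, which goes beyond the single value in the post. KNOWN_ROLES and roles_from_attribute are hypothetical names, the sample XML is constructed from the post's fragment, and the assertion is assumed to have already passed signature validation.

```python
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample based on the fragment in the post, with the saml and xsi
# namespaces declared so that it parses on its own.
SAMPLE_ATTRIBUTE = """\
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    Name="groups"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
  <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
      xsi:type="xs:string">
    Admin,User,Auditor,Manager
  </saml:AttributeValue>
</saml:Attribute>
"""

# Hypothetical allowlist: only these names from the external IdP become roles.
KNOWN_ROLES = frozenset({"Admin", "User", "Auditor", "Manager"})


def roles_from_attribute(xml_text, attribute_name="groups", known_roles=KNOWN_ROLES):
    """Return (granted, rejected) role names found in the named SAML attribute.

    Assumes xml_text comes from an assertion whose signature was already
    validated; this function performs no signature or schema checks.
    """
    root = ET.fromstring(xml_text)
    granted, rejected = [], []
    # iter() also yields the root itself, so a bare <Attribute> fragment works.
    for attr in root.iter("{%s}Attribute" % ASSERTION_NS):
        if attr.get("Name") != attribute_name:
            continue
        # One AttributeValue per role and one comma-separated value both work.
        for value in attr.findall("{%s}AttributeValue" % ASSERTION_NS):
            for token in (value.text or "").split(","):
                role = token.strip()  # drop the newlines and indentation
                if not role:
                    continue  # empty entry such as "Admin,,User"
                bucket = granted if role in known_roles else rejected
                if role not in bucket:
                    bucket.append(role)  # keep order, drop duplicates
    return granted, rejected


if __name__ == "__main__":
    print(roles_from_attribute(SAMPLE_ATTRIBUTE))
```

Names that land in the rejected list are worth logging, since they show the identity provider asserting a role the broker does not recognise.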