[keycloak-user] Mapping Claims from Identity providers

Konsulent Thomas Isaksen (TNO) thomas.isaksen at toyota.no
Sun Apr 28 04:33:55 EDT 2019


I have configured Azure as my identity provider and I am assigning roles to my users in Keycloak based on claims I get from Azure.
Once I have defined one or more Role Mappers and sign in with my Keycloak user for the first time, the mapping is done and working as expected; however, once I create additional mappings, the roles of the user are no longer updated. The only way to get an updated mapping is to delete my Keycloak user and sign in again.

I tried to look it up in the documentation:

Mapping Claims and Assertions
https://www.keycloak.org/docs/3.2/server_admin/topics/identity-broker/mappers.html

...
"Each new user that logs into your realm via an external identity provider will have an entry for it created in the local Keycloak database. The act of importing metadata from the SAML or OIDC assertions and claims will create this data with the local realm database."
...

Does this mean that I cannot expect new claim mappings to apply to existing users? Is there any way to do this?


--
Thomas Isaksen

