[keycloak-user] Logged user losing roles after adding a new identity provider mapper

MEHDi CHAABOUNi mehdi.chaabouni at gmail.com
Wed Feb 27 09:35:02 EST 2019

I have Keycloak (4.8.3 FINAL) set up with Azure Active Directory, with groups
being mapped to roles. I used to have:

GROUP1 mapped to ROLE1
GROUP2 mapped to ROLE2

Everything was working fine until I added a third identity provider mapper:

GROUP3 mapped to ROLE2

Now, a logged user will lose their roles after a while. I still haven't
figured out when it happens. I enabled events logging in the web console of
Keycloak, but I can't see anything out of the ordinary. Whenever this
happens, I have to manually delete the user from Keycloak and reload the

Any ideas?

