What I am trying to accomplish is a way to map the composite roles (and their attributes), as well as their "child" roles, to the access token in order to use that data.
I only see the user attribute mapper in the Keycloak admin console, but for the role attribute I see none. Also, how do we maintain the structure/granularity of the composite roles, in order to check which roles they have aggregated?
The main idea is to have something like this:
User -> (Composite Roles with several attributes -> Roles)
I have also tried to get the information that I need this way, but without success, as it throws an HTTP 403 Forbidden exception when trying to get the realmResource.toRepresentation().
What I was doing:
    String keycloakRealm = tenantContext.getOrganizationRequestConfig().getKeycloakRealm();
    RealmResource realmResource = keycloak().realm(keycloakRealm);
    if (realmResource != null) {
        // toRepresentation() is the call that fails with HTTP 403 Forbidden
        List<RoleRepresentation> rolesRepresentationList = realmResource.toRepresentation().getRoles().getRealm();
        for (RoleRepresentation rolesRepresentation : rolesRepresentationList) {
            // Child roles aggregated by this role, and the role's own attributes
            Composites composites = rolesRepresentation.getComposites();
            Map<String, List<String>> attributes = rolesRepresentation.getAttributes();
        }
    }
If it is not possible to do this using this approach (User -> (Composite Roles with several attributes -> Roles)), do you guys have any suggestions or an alternative approach?
The idea is to map this into the access token, but I am finding it difficult to have this structure in place in the token.
Thanks
Note: I need to integrate with Azure AD
Edit: Client protocol is OIDC
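
The structure the question describes (User -> composite roles with attributes -> child roles), built from role data carrying the fields the snippet reads, as an added Python example that is not part of the original post. The role names, the sample data, the function names and the output layout are assumptions.

```python
# Constructed sample: realm roles with the fields the Java snippet reads
# (name, attributes, composites.realm). All names and values are hypothetical.
REALM_ROLES = [
    {"name": "billing-admin",
     "attributes": {"tier": ["gold"], "region": ["eu"]},
     "composites": {"realm": ["invoice-read", "invoice-write", "auditor"]}},
    {"name": "auditor",
     "attributes": {"scope": ["read-only"]},
     "composites": {"realm": ["invoice-read", "log-read"]}},
    {"name": "invoice-read"}, {"name": "invoice-write"}, {"name": "log-read"},
    # Cyclic pair, included only to exercise the cycle guard below.
    {"name": "loop-a", "composites": {"realm": ["loop-b"]}},
    {"name": "loop-b", "composites": {"realm": ["loop-a"]}},
]


def build_role_tree(realm_roles, assigned):
    """Nest each directly assigned role with its attributes and child roles."""
    by_name = {r["name"]: r for r in realm_roles}

    def node(name, path):
        role = by_name.get(name)
        if role is None:
            return {"name": name, "unknown": True}  # assigned but not defined
        out = {"name": name}
        if role.get("attributes"):
            out["attributes"] = role["attributes"]
        children = (role.get("composites") or {}).get("realm", [])
        # Skip any child already on the current path so cycles terminate.
        kids = [node(c, path | {name}) for c in sorted(children)
                if c != name and c not in path]
        if kids:
            out["roles"] = kids
        return out

    return [node(n, frozenset()) for n in sorted(assigned)]


def effective_roles(tree):
    """Flatten the tree into the role names an authorization check would test."""
    names, stack = set(), list(tree)
    while stack:
        n = stack.pop()
        names.add(n["name"])
        stack.extend(n.get("roles", []))
    return names
```

The nested result keeps which composite contributed each child role, while `effective_roles` gives the flat set for a plain membership check.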