Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
443 views
in Technique [Technology] by (71.8m points)

java - Keycloak - Is it possible to map composite roles and their attributes to the access token?

What I am trying to accomplish is a way to map the composite roles (and their attributes), as well as their "child" roles, to the access token in order to use that data.

I only see the user attribute mapper in the Keycloak admin console, but for the role attribute I see none. Also, how do we maintain the structure/granularity of the composite roles, in order to check which roles they have aggregated?

The main idea is to have something like this:

User -> (Composite Roles with several attributes -> Roles)

I have also tried to get the information that I need this way, but without success, as it throws an HTTP 403 Forbidden exception when trying to get the realmResource.toRepresentation.

What I was doing:

// Resolve the realm configured for the current tenant
String keycloakRealm = tenantContext.getOrganizationRequestConfig().getKeycloakRealm();
RealmResource realmResource = keycloak().realm(keycloakRealm);

if (realmResource != null) {
    // toRepresentation() is the call that returns HTTP 403 Forbidden
    List<RoleRepresentation> rolesRepresentationList = realmResource.toRepresentation().getRoles().getRealm();
    for (RoleRepresentation rolesRepresentation : rolesRepresentationList) {
        // Child roles aggregated by this role, and the role's own attributes
        Composites composites = rolesRepresentation.getComposites();
        Map<String, List<String>> attributes = rolesRepresentation.getAttributes();
    }
}

If it is not possible to do this using this approach ( User -> (Composite Roles with several attributes -> Roles) ), do you guys have any suggestion or alternative approach?

The idea is to map this into the access token, but I am finding it difficult to have this structure in place in the token.

Thanks

Note: I need to integrate with Azure AD

Edit: Client protocol is OIDC



1 Answer

0 votes
by (71.8m points)
Waiting for an expert to answer.
