Advanced Claim to Role Regex

belfhi · August 22, 2022, 3:03pm

Hi,
I’d like to map an OIDC claim to a Realm Role.
If I use the advanced claim to role mapper with the exact
value of the clami it works as expected.

Now, I want to make it more general and use a RegEx to map multiple
claim values to this group but this does not work.
My claim is eduperson_entitlement and I would like to map any claim value of urn:geant:helmholtz.de:group: and anything that follows to this to my role.
How do I construct the RegEx?
It seems like I’m missing somethng, a simple search for \b does not work.
Does anyone have experience with this?
Cheers

alansonsci · February 2, 2023, 2:24pm

Did you make any progress with this?

belfhi · February 6, 2023, 7:57pm

Hi @alansonsci ,
yes, I had to match the whole of the OIDC Claim with a regex matchall
(\b<MATCH>\b)(?s)(.*$)
This worked. Took a while and a lot of regex101.com

alansonsci · March 13, 2023, 11:38pm

BTW did you write a script to do this or was it via the console? I am trying to learn about the REST API and trying and failing to get it working via my python script. import requestsimport jsonimport boto3# Set up variables for Keycloak se - Pastebin.com

belfhi · March 15, 2023, 12:43pm

hi,
no I just used the Web UI.

Topic		Replies	Views
Keycloak regex mappers Getting advice	1	773	February 13, 2023
"Claim to User Group" Mapper Getting advice authentication , identity-brokering , oidc	3	2307	June 8, 2021
Identity Provider Mapper - Advanced Claim to Role - Python Keycloak REST API Configuring the server	0	304	March 13, 2023
Identity Broker - Role mapping Getting advice identity-brokering , oidc	2	1613	March 15, 2024
Creating an Identity Provider Mapper	1	1126	March 13, 2023

Advanced Claim to Role Regex

Related Topics