I have an OIDC Identity Provider set up in Keycloak, and am mapping incoming claims using the “Claim to Role” mapper - which is working fine.
However, I am looking for a way to map “Claim to Group” (i.e. a User Group defined in Keycloak) such that an incoming claim maps directly to a User Group, which then in turn adds all the Roles associated with the User Group as Claims. I cannot see anything in the documentation describing such a solution. Is this possible “out-of-the-box” - or are we talking Service Provider Interfaces (SPI) and some custom code in order to achieve this?
I guess that applying the “Claim to Role” mapper for all the Roles in a specific User Group would achieve the same result - but I am searching for a “smarter” solution - such as a “Claim to Group” mapper.
Thank you in advance,