"Claim to User Group" Mapper

regin · October 12, 2020, 8:54pm

Hi all

I have an OIDC Identity Provider setup in Keycloak, and mapping incoming claims using the “Claim to Role” mapper - which is working fine.

However, I am looking for a way to map “Claim to Group” (i.e. a User Group defined in Keycloak) such that an incoming claim maps directly to a User Group which then in term adds all the Roles associated to the User Group as Claims. I cannot see anything in the documentation describing such a solution. Is this possible “out-of-the-box” - or are we talking Service Provider Interfaces (SPI) and some custom code in order to achieve this?

I guess that applying the “Claim to Role” mapper for all the Roles in a specific User Group would achieve the same result - but I am searching for a “smarter” solution - such as a “Claim to Group” mapper.

Thank you in advance,
Regin

MiguelAngeloC · January 12, 2021, 11:55am

Also wanted to know this… did you reached the solution, @regin ?

mqorom · May 6, 2021, 11:13am

I’m looking for the same

Gonzo · June 8, 2021, 1:38pm

I have a similar need and since mapping to a Group does not ssem to work I am working with a “composite role” now to “group” the other necessary roles together.

Topic		Replies	Views
How to use mapper type "key to role" in keycloak authentication , identity-brokering , oidc	0	366	January 21, 2021
Keycloak regex mappers Getting advice	1	786	February 13, 2023
Identity Broker - Role mapping Getting advice identity-brokering , oidc	2	1624	March 15, 2024
Google oAuth2 SSO / Role Mapper for Google GSuite Groups Getting advice	8	2664	October 8, 2022
Import Groups from Okta Configuring the server identity-brokering , oidc	1	485	November 8, 2022

"Claim to User Group" Mapper

Related Topics