I have built an application that uses Keycloak for managing users and roles and Azure AD as an identity provider, and I have been running into an issue since I updated from version 13 to 22. I managed to transfer my configuration, roles and mappers correctly. However, the ‘default-role’ is deleted for certain users when the session times out. I have no issues when these users are first created in Keycloak; the default role is mapped correctly at that moment. I suspect that the role mapper is not triggered correctly during session timeout due to an idle SSO timeout policy in the Azure AD config. I got some useful information from these 2 links:
But I would love some help, please.