Facing an issue with Keycloak not able to generate access token with same role mapping

Hi All,

We have an identity provider, Shibboleth, which is integrated with Keycloak.

We are having an issue where the first login of a user succeeds, while the second login of the same user fails.
The login fails because when a user logs in based on the SAML response from the IDP, Keycloak is using the role mappings to generate the access token. For the first time, based on the SAML response, Keycloak generates correct mappings for roles, but for the second time, the role mapping does not work correctly and in the access token we don't have resource_access, scope and aud for the required validation we are looking for.

What could be the reason that it works the first time, while from the second time onwards the generated access token does not have the relevant roles data?


Sameer Joshi