Hello.
I have realm A, that use my custom user federation coded in Java as extension to Keycloak 22.
My extension also contains implementation of custom RoleModel which is returned in my implementation of AbstractUserAdapter like this:
@Override
protected Set<RoleModel> getRoleMappingsInternal() {
Set<RoleModel> roles = new HashSet<>();
user.getRoles().forEach(r -> {
roles.add(new MyCustomRoleAdapter(realm, r, true));
});
return roles;
}
This is implemented to include roles from my external user provider in JWT token and it works.
I also have realm B, which use OpenID Connect from realm A as an identity provder. The OIDC works great, but the roles I mentioned above are not inherited by realm B. I wish JWT token generated by realm B also contain these custom roles from my external provider. Is it somehow possible?