What I am trying to accomplish is a way to map the composite roles(and their attributes), as well as their “child” roles to the access token in order to use that data.
I only see the user attribute mapper in keycloak admin console but for the role attribute I see none. Also, how do we maintain the structure/granuality of the composite roles, in order to check which roles they have aggregated?
The main idea is to have something like this:
User -> (Composite Roles with several attributes -> Roles)
I have also tried to get the information that I need this way but without success, as it throws an http 403 Forbidden exception when trying to get the realmResource.toRepresentation.
After searching, I believe that is not possible to do those type of requests, only the get ones, right?
What I was doing:
> RealmResource realmResource = keycloak().realm(keycloakRealm);
> if (realmResource != null) {
> List<RoleRepresentation> rolesRepresentationList= realmResource.toRepresentation().getRoles().getRealm();
> for (RoleRepresentation rolesRepresentation : rolesRepresentationList) {
> Composites composites = rolesRepresentation.getComposites();
> Map<String, List<String>> attributes = rolesRepresentation.getAttributes();
> }
> }
> ```
If is not possible to do using this approach ( *User -> (Composite Roles with several attributes -> Roles*) ), do you guys have any suggestion or alternative approach?
The ideia is to map this into the access token, but I am finding it difficult to have this structure in place in the token
Thanks
*Note: I need to integrate with Azure AD so it would be nice if the approach was compatible with it's limitations*