Keycloak-operator KubeClient Groups mapper example

Does anyone have an example of a Kubernetes kind: KeycloakClient object that configures the client to add the keycloak groups into the “groups” field of the ID token?

Hi, it should be possible using mappers, see Client CRD. The config in the CRs mimics the REST API, so I’d suggest to try to configure it at first using the Admin Console, watch the browser dev console for the REST API requests to see how exactly the configuration is supposed to look, and then configure it in the same way in the CR.

1 Like

For the record, using @vmuzikar’s help, this is an example of how to do it:

- name: groups
  id: 9a1c47d4-1e01-4ed2-9b38-e08ed7d22daa
  protocol: openid-connect
  protocolMapper: oidc-group-membership-mapper
  consentRequired: false
    "full.path": "true"
    "id.token.claim": "true"
    "access.token.claim": "true"
    "userinfo.token.claim": "true"
    "": groups