Does anyone have an example of a Kubernetes kind: KeycloakClient object that configures the client to add the Keycloak groups into the “groups” field of the ID token?
Hi, it should be possible using mappers, see Client CRD. The config in the CRs mimics the REST API, so I’d suggest first trying to configure it using the Admin Console, watching the browser dev console for the REST API requests to see exactly how the configuration is supposed to look, and then configuring it in the same way in the CR.
For the record, using @vmuzikar’s help, this is an example of how to do it:
```yaml
protocolMappers:
  - name: groups
    id: 9a1c47d4-1e01-4ed2-9b38-e08ed7d22daa
    protocol: openid-connect
    protocolMapper: oidc-group-membership-mapper
    consentRequired: false
    config:
      "full.path": "true"
      "id.token.claim": "true"
      "access.token.claim": "true"
      "userinfo.token.claim": "true"
      "claim.name": groups
```
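One way to confirm the mapper took effect is to inspect the payload of an ID token issued for the client. This is an added example, not part of the thread or of the Keycloak operator; the function names and sample tokens are constructed for illustration, and the decoder does no signature verification, so it is for inspection only.

```python
import base64
import json


def decode_jwt_payload(token: str) -> dict:
    """Decode the payload segment of a JWT for inspection only (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated segments")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def check_groups_claim(token: str, claim_name: str = "groups") -> list:
    """Return the group list, or raise if the mapper output is not as configured."""
    payload = decode_jwt_payload(token)
    if claim_name not in payload:
        raise LookupError(f"claim {claim_name!r} missing: mapper not applied to this token")
    groups = payload[claim_name]
    if not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        raise TypeError(f"claim {claim_name!r} is not a list of strings")
    # With "full.path": "true" every entry is a path such as /parent/child.
    flat = [g for g in groups if not g.startswith("/")]
    if flat:
        raise ValueError(f"entries without leading '/': {flat} (full.path looks disabled)")
    return groups


def _b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def make_sample_token(payload: dict) -> str:
    """Constructed, unsigned sample token; a real one comes from the token endpoint."""
    return ".".join([_b64url({"alg": "none", "typ": "JWT"}), _b64url(payload), "sig"])


# Constructed sample payloads, not taken from a real realm.
SAMPLE_OK = make_sample_token({"sub": "alice", "groups": ["/platform/admins", "/dev"]})
SAMPLE_NO_CLAIM = make_sample_token({"sub": "bob"})
SAMPLE_FLAT = make_sample_token({"sub": "carol", "groups": ["admins"]})

if __name__ == "__main__":
    print(check_groups_claim(SAMPLE_OK))
```

Because `"full.path": "true"` emits the whole group path, anything that authorizes on this claim has to match the same strings, leading slash included.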