Keycloak regex mappers

dj_kill · February 13, 2023, 10:19am

Hello.

We have a Keycloak and OIDC auth provider it is connected to.
OIDC provider on login within separate scope send us special claim in format <Software>-<platformrole>:<organization>

I want to add user to specific groups based on <platformrole> (one group per role) and <organization> (one group per organization).

Per my understanding I can user Advanced Claim to Role or Advanced claim to Group and use “Regex Claim Values”.

Something like “key:groups” with “value:-(.*):”.
And assign that claim to certain role.

But this part is unclear for me.
With that configuration Keycloak provide to underlaying software empty “groups” claim.
What else need to be configured?

dj_kill · February 13, 2023, 4:32pm

Practically speaking I need to assign role to the user based on the part of the claim coming from IdP provider.

Topic		Replies	Views
Advanced Claim to Role Regex Getting advice	4	975	March 15, 2023
"Claim to User Group" Mapper Getting advice authentication , identity-brokering , oidc	3	2320	June 8, 2021
Google oAuth2 SSO / Role Mapper for Google GSuite Groups Getting advice	8	2664	October 8, 2022
How to use mapper type "key to role" in keycloak authentication , identity-brokering , oidc	0	366	January 21, 2021
How to get Keycloak identity broker to display role claims in ID token from Entra ID / Azure identity Provider	0	183	March 15, 2024

Keycloak regex mappers

Related Topics