3 Replies Latest reply on Apr 2, 2019 1:56 PM by slominskir

    Elytron & Keycloak - add attributes to roles


      I'm using Elytron to secure my application with security context propagation from web to EJB.

      My realm uses Keycloak as its identity store.

      I would like to add some values from token attributes to the default roles decoded from the Keycloak identity, but I didn't find an "aggregate" role decoder.


      With this configuration

          <!-- in the Elytron subsystem, under <security-domains> -->
          <security-domain name="KeycloakDomain" default-realm="KeycloakOIDCRealm" permission-mapper="default-permission-mapper" security-event-listener="local-audit">
              <realm name="KeycloakOIDCRealm"/>
          </security-domain>
          <!-- in the Elytron subsystem, under <security-realms> -->
          <custom-realm name="KeycloakOIDCRealm" module="org.keycloak.keycloak-wildfly-elytron-oidc-adapter" class-name="org.keycloak.adapters.elytron.KeycloakSecurityRealm"/>

      I got the principal and roles from Keycloak.


      But in the Keycloak token I also have some attributes. I would like to add the values of the attribute "groups" to the decoded roles, ideally with a prefix.


      Is it possible without writing a custom decoder?

      If I need to implement a custom decoder, is there an example available?


      Thanks in advance.