3 Replies Latest reply on Apr 2, 2019 1:56 PM by slominskir

    Elytron & Keycloak - add attributes to roles

    marcoben73
    marcoben73 Mar 26, 2019 6:14 AM

      I'm using Elytron to secure my application with security context propagation from web to ejb.

      My realm use Keycloak as identity store.

      I would like to add some values from token attributes to default roles decoded from keycloak identity, but I didn't find an "aggregate" role decoder.

       

      With this configuration

      <security-domains>
    ...
    <security-domain name="KeycloakDomain" default-realm="KeycloakOIDCRealm" permission-mapper="default-permission-mapper" security-event-listener="local-audit">
        <realm name="KeycloakOIDCRealm"/>
    </security-domain>
</security-domains>
<security-realms>
    <custom-realm name="KeycloakOIDCRealm" module="org.keycloak.keycloak-wildfly-elytron-oidc-adapter" class-name="org.keycloak.adapters.elytron.KeycloakSecurityRealm"/>
    ...
</security-realms>

      I got the principal and roles from keycloak.

       

      But in keycloak token I also have some attributes, I would like to add the values of the attribute "groups" to the decoded roles, ideally with a prefix.

       

      Is it possible without writing a custom decoder?

      If I need to implement a custom decoder, is there an example available?

       

      Thanks in advance.