3 Replies Latest reply on Apr 2, 2019 1:56 PM by slominskir

    Elytron & Keycloak - add attributes to roles

    marcoben73

      I'm using Elytron to secure my application with security context propagation from web to EJB.

      My realm uses Keycloak as its identity store.

      I would like to add some values from token attributes to the default roles decoded from the Keycloak identity, but I didn't find an "aggregate" role decoder.

      With this configuration:

      <security-domains>
          ...
          <security-domain name="KeycloakDomain" default-realm="KeycloakOIDCRealm" permission-mapper="default-permission-mapper" security-event-listener="local-audit">
              <realm name="KeycloakOIDCRealm"/>
          </security-domain>
      </security-domains>
      <security-realms>
          <custom-realm name="KeycloakOIDCRealm" module="org.keycloak.keycloak-wildfly-elytron-oidc-adapter" class-name="org.keycloak.adapters.elytron.KeycloakSecurityRealm"/>
          ...
      </security-realms>
      

      I got the principal and roles from Keycloak.

      But in the Keycloak token I also have some attributes, and I would like to add the values of the attribute "groups" to the decoded roles, ideally with a prefix.

      Is it possible without writing a custom decoder?

      If I need to implement a custom decoder, is there an example available?

      Thanks in advance.