I've been testing the organization feature with multiple organizations for a single user. However, when there are two organizations assigned to a user, the claims disappear from the access token. But if I assign only one organization to the user then the claims 'organization' appear correctly. Is there a current limitation of the feature?
Else do you have any ideas on how to generate a dedicated access token for a specific organization?
asked Nov 18, 2024 at 19:06 by Sébastien
- Can you share "the claims disappear" situation with two organizations example? – Bench Vue Commented Nov 18, 2024 at 19:10
- Did you find a solution to this? – Ibrahim Commented Nov 27, 2024 at 17:54
- Check solution in: github/keycloak/keycloak/discussions/35581 – Kelvin Santiago Commented Dec 5, 2024 at 4:29
2 Answers
I managed to get this working on Keycloak 26.1.4 by adding a mapper to the organization:* client scope.
I created a client scope called organization:*
(Screenshot: Client Scope Fields)
I then configured a new mapper for organization:* and chose Organization Membership for the mapping:
(Screenshot: Client Scope Mapping Fields)
I then added organization client scope as an optional type to my client, and organization:* as a default type.
Once I did this, the Organization claim appears in my access token, and multiple organizations display if my users belong to multiple organizations.
You need to create a new claim with the name organization:* and turn on Include in token scope.
Assign this client scope to your client and set it as the default. Also, set the organization client scope as optional in your client.
It's working for Keycloak 26.0.8, but right now the latest version (26.1.3) is not working as expected as far as I can see.
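A resource-server-side check for the situation in this thread, added here as an example (not code from the question or either answer): it reads the `organization` claim from an access token whose signature is assumed to be verified elsewhere, and denies access when the claim is absent, as in the two-organization case the question describes. The claim shapes handled, the helper names and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json

def jwt_payload(token: str) -> dict:
    """Decode the payload segment of a compact JWT (signature is NOT checked here)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    seg = parts[1]
    seg += "=" * (-len(seg) % 4)  # restore the base64url padding that JWS strips
    return json.loads(base64.urlsafe_b64decode(seg))

def organizations(claims: dict) -> set:
    """Normalize the 'organization' claim to a set of organization names.

    Assumed shapes: a list of names, a single string, or an object keyed by name.
    """
    value = claims.get("organization")
    if isinstance(value, str):
        return {value}
    if isinstance(value, dict):
        return set(value.keys())
    if isinstance(value, list):
        return {v for v in value if isinstance(v, str)}
    return set()  # claim missing or of an unexpected type

def authorize(token: str, required_org: str) -> bool:
    """Fail closed: a missing or empty claim never grants access."""
    return required_org in organizations(jwt_payload(token))

def _make_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed test data only)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed samples: one membership, two memberships, and the claim missing.
ONE = _make_token({"sub": "u1", "organization": ["acme"]})
TWO = _make_token({"sub": "u1", "organization": ["acme", "globex"]})
MISSING = _make_token({"sub": "u1"})

if __name__ == "__main__":
    for name, tok in (("one", ONE), ("two", TWO), ("missing", MISSING)):
        print(name, sorted(organizations(jwt_payload(tok))), authorize(tok, "globex"))
```

Running the same check against a real token before and after changing the client scopes shows whether the claim is actually being emitted for a user with several memberships.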
Tags: Keycloak and new organization feature with multi membership on a user ( v26 ), Stack Overflow