Finished implementation of oauth2 import

2025-08-29 15:06:26 +02:00 · 2025-08-17 21:00:45 +02:00
parent 7d0502ebc5
commit 5f0762e4f6
20 changed files with 620 additions and 190 deletions
--- a/roles/web-app-keycloak/templates/import/scopes/rbac.json.j2
+++ b/roles/web-app-keycloak/templates/import/scopes/rbac.json.j2
@@ -0,0 +1,29 @@
+{
+  "name": "{{ KEYCLOAK_OIDC_RBAC_SCOPE_NAME }}",
+  "description": "RBAC Groups",
+  "protocol": "openid-connect",
+  "attributes": {
+    "include.in.token.scope": "false",
+    "display.on.consent.screen": "true",
+    "gui.order": "",
+    "consent.screen.text": ""
+  },
+  "protocolMappers": [
+    {
+      "name": "groups",
+      "protocol": "openid-connect",
+      "protocolMapper": "oidc-group-membership-mapper",
+      "consentRequired": false,
+      "config": {
+        "full.path": "true",
+        "introspection.token.claim": "true",
+        "userinfo.token.claim": "true",
+        "multivalued": "true",
+        "id.token.claim": "true",
+        "lightweight.claim": "false",
+        "access.token.claim": "true",
+        "claim.name": "{{ OIDC.CLAIMS.GROUPS }}"
+      }
+    }
+  ]
+}