Role assignement and UserSubstitution


I’m using the OIDC plugin with a keycloak server, I have implement a ClaimsRoleMapper, but when I substitute a User, the claimsRoleMapper seems not to be called and the role are not set.

How can I do it ?


I’m afraid that user substitution mechanism won’t work with keycloak authentication. ClaimsRolesMapper takes information from the response that comes from Keycloak after the user is successfully authenticated there. In case of user substitution no request to Keycloak is sent, so there is no way to get substituted user information from Keycloak on behalf of the current user.