Role assignement Keycloak Jmix


I’m using the openid-connect add-on with keycloak. I’m having a problem, on keycloak I create a user called admin that has ‘system-full-access’ for role, then I create another user on the Jmix APP and I assign the ‘system-full-access’ role.

In my database I can see the role assignement but when I log in, I don’t have the role.
The role is only in database and not on keycloak for the user, how can I make him use the role from the DB and not from keycloak.

Thanks in advance,

Hi Simon
I’m not sure if this is what is needed, but I have role synchronization configured this way:

  1. Create a mapper component (from the addon documentation)
public class SampleSynchronizingOidcUserMapper extends SynchronizingOidcUserMapper<User> {

    public SampleSynchronizingOidcUserMapper(UnconstrainedDataManager dataManager,
                                             UserRepository userRepository,
                                             ClaimsRolesMapper claimsRolesMapper) {
        super(dataManager, userRepository, claimsRolesMapper);

    protected Class<User> getApplicationUserClass() {
        return User.class;

    protected void populateUserAttributes(OidcUser oidcUser, User jmixUser) {

    protected String getOidcUserUsername(OidcUser oidcUser) {
        return oidcUser.getPreferredUsername();
  1. Add the property to
  1. Create a mapper in Keycloak (Client → Mappers)