Role assignment Keycloak Jmix

Hello,

I’m using the openid-connect add-on with Keycloak. I’m having a problem: on Keycloak I create a user called admin that has ‘system-full-access’ as its role, then I create another user in the Jmix app and I assign the ‘system-full-access’ role.

In my database I can see the role assignment, but when I log in, I don’t have the role.
The role is only in the database and not in Keycloak for the user. How can I make him use the role from the DB and not from Keycloak?

Thanks in advance,
Simon

Hi Simon
I’m not sure if this is what is needed, but I have role synchronization configured this way:

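  1. Create a mapper component (from the addon documentation)

```java
import io.jmix.core.UnconstrainedDataManager;
import io.jmix.core.security.UserRepository;
import io.jmix.oidc.claimsmapper.ClaimsRolesMapper;
import io.jmix.oidc.usermapper.SynchronizingOidcUserMapper;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.stereotype.Component;
// Also import the application's own User entity; its package depends on the project.

@Component
public class SampleSynchronizingOidcUserMapper extends SynchronizingOidcUserMapper<User> {

    public SampleSynchronizingOidcUserMapper(UnconstrainedDataManager dataManager,
                                             UserRepository userRepository,
                                             ClaimsRolesMapper claimsRolesMapper) {
        super(dataManager, userRepository, claimsRolesMapper);
        // Store the role assignments mapped from the OIDC claims in the database
        setSynchronizeRoleAssignments(true);
    }

    @Override
    protected Class<User> getApplicationUserClass() {
        return User.class;
    }

    // Copy attributes from the OIDC user to the Jmix user entity
    @Override
    protected void populateUserAttributes(OidcUser oidcUser, User jmixUser) {
        jmixUser.setUsername(oidcUser.getPreferredUsername());
    }

    // The username used to look up the Jmix user
    @Override
    protected String getOidcUserUsername(OidcUser oidcUser) {
        return oidcUser.getPreferredUsername();
    }
}
```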
  2. Add the property to application.properties

```properties
spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
```

  3. Create a mapper in Keycloak (Client → Mappers)
2 Likes
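When the role still does not show up after login, it helps to check which role names the Keycloak mapper from step 3 actually puts into the token. The script below is an added example, not part of the original posts or of the Jmix add-on: it decodes a token payload for inspection and reports which expected roles are missing at a given claim path. The top-level `roles` claim name and the sample token are assumptions, since the thread does not show the mapper's settings; `realm_access.roles` is where Keycloak places realm roles by default.

```python
import base64
import json


def decode_claims(jwt: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def roles_at(claims: dict, path: list) -> list:
    """Walk a claim path such as ["realm_access", "roles"]; [] if absent."""
    node = claims
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return []
        node = node[key]
    if isinstance(node, str):
        return [node]
    return [r for r in node if isinstance(r, str)] if isinstance(node, list) else []


def missing_roles(jwt: str, path: list, expected: set) -> set:
    """Roles the application expects but the token does not carry at `path`."""
    return set(expected) - set(roles_at(decode_claims(jwt), path))


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample token (not captured from a real realm); the top-level
# "roles" claim name is an assumption about how the Keycloak mapper is set up.
SAMPLE_CLAIMS = {
    "preferred_username": "admin",
    "realm_access": {"roles": ["offline_access"]},
    "roles": ["system-full-access"],
}
SAMPLE_TOKEN = ".".join(
    [_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(SAMPLE_CLAIMS), "c2ln"]
)

if __name__ == "__main__":
    for path in (["roles"], ["realm_access", "roles"]):
        gap = missing_roles(SAMPLE_TOKEN, path, {"system-full-access"})
        print(".".join(path), "->", "ok" if not gap else f"missing {sorted(gap)}")
```

Run it against a token taken from your own test login and the claim path your mapper writes to; the application itself must still validate the token's signature.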