User registered in one client to be available in another one in same realm


Juan Pablo Gardella

Oct 10, 2022, 1:49:54 PM
to Keycloak User
Is there a way to allow a user registered in one client to be available in another one in the same realm automatically?

I have a use case of two clients in the same realm and I would like to allow users registered through one client to be available on another client. In order to make it work, I have to do role mapping manually by selecting the user and associating a role available in the second client.

Ideally I would like a user to be associated by default with two roles named A, where both clients have the role A. Tried using default roles but it does not work.

Any idea if that is possible? I am using Keycloak 18.0.2.

Thanks

Thomas Darimont

Oct 10, 2022, 2:43:44 PM
to Keycloak User
Hello,

So you want to assign client roles from two (multiple) different clients to a user after they self-registered?
As you already mentioned, you can use default roles to do this.

If you are using the old admin console:
1) Go to the "Roles" section of your realm
2) Click the default roles tab
3) Use the client roles selector to select the clients you need and assign the roles you want your users to have

In the new admin console:
1) Realm Settings
2) User Registration
3) Select the client roles you want to have by default

Note that the client roles will be indirectly assigned via the default-roles-$realm role.
I just gave this a spin with Keycloak 19.0.3 and nightly. Works as expected, but I just noticed that the new keycloak admin console (admin2) does not show the inherited client roles, but the old admin-console (set admin theme in master realm to "keycloak") does indeed show the client roles.

Cheers,
Thomas
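
The indirect assignment described in the reply above, as an added example that is not part of the original post: it expands composite roles in a constructed, trimmed realm-export-style document to separate a user's direct role mappings from the client roles inherited through default-roles-$realm. The realm name `demo`, clients `client-one` and `client-two`, role `viewer` and user `alice` are assumptions made for illustration.

```python
import json

# Constructed sample shaped like a trimmed Keycloak realm export; all names are hypothetical.
REALM_EXPORT = json.loads("""
{
  "realm": "demo",
  "roles": {
    "realm": [
      {"name": "default-roles-demo", "composite": true,
       "composites": {"realm": ["offline_access"],
                      "client": {"client-one": ["A"], "client-two": ["A"]}}},
      {"name": "offline_access", "composite": false}
    ],
    "client": {
      "client-one": [{"name": "A", "composite": false}],
      "client-two": [{"name": "A", "composite": true,
                      "composites": {"client": {"client-two": ["viewer"]}}},
                     {"name": "viewer", "composite": false}]
    }
  },
  "users": [{"username": "alice", "realmRoles": ["default-roles-demo"], "clientRoles": {}}]
}
""")

def effective_roles(export, username):
    """Return (direct, effective) sets of (scope, role) pairs; scope is 'realm' or a clientId."""
    index = {("realm", r["name"]): r for r in export["roles"]["realm"]}
    for client, roles in export["roles"].get("client", {}).items():
        index.update({(client, r["name"]): r for r in roles})
    user = next(u for u in export["users"] if u["username"] == username)
    direct = {("realm", n) for n in user.get("realmRoles", [])}
    direct |= {(c, n) for c, names in user.get("clientRoles", {}).items() for n in names}
    effective, stack = set(), list(direct)
    while stack:  # iterative walk; the 'effective' set also guards against composite cycles
        key = stack.pop()
        if key in effective:
            continue
        effective.add(key)
        comp = index.get(key, {}).get("composites", {})
        stack += [("realm", n) for n in comp.get("realm", [])]
        stack += [(c, n) for c, names in comp.get("client", {}).items() for n in names]
    return direct, effective

if __name__ == "__main__":
    direct, effective = effective_roles(REALM_EXPORT, "alice")
    print("direct:   ", sorted(direct))
    print("inherited:", sorted(effective - direct))
```

A view that lists only direct mappings shows a single realm role for this user, while the expanded set is what an audit of default privileges for self-registered users needs to look at.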

Thomas Darimont

Oct 10, 2022, 2:50:48 PM
to Keycloak User
Looks like there is already a keycloak-ui issue logged for this: https://github.com/keycloak/keycloak-ui/issues/3404

Juan Pablo Gardella

Oct 10, 2022, 3:31:27 PM
to Thomas Darimont, Keycloak User
Thanks Thomas, I tried using default roles but it does not work. After authentication user grants are shown[1] empty without doing manual mapping. I will try again and let you know.

Cheers,
Juan
[1] I am using spring boot with keycloak starter.
