mrparkers / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
MIT License

SAML Client RoleList mapper #864

Open seb-835 opened 1 year ago

seb-835 commented 1 year ago

Hi, can I request your help? I can't find a way to declare a "SAML Client RoleList mapper" through the provider.

I want to set up the following, as I can do through the GUI.

Name: roles
Mapper Type: Role list
Role attribute name: roles
Friendly Name: Roles
SAML Attribute NameFormat: Basic
Single Role Attribute: On

Thanks

al-cheb commented 1 year ago

This should help - https://github.com/mrparkers/terraform-provider-keycloak/issues/625

james-callahan commented 1 year ago

I use e.g.

resource "keycloak_generic_protocol_mapper" "staff_aws_role" {
  for_each = {
    browser = keycloak_saml_client.aws.id
    cli     = keycloak_saml_client.aws_saml_cli.id
  }

  realm_id        = keycloak_realm.staff.id
  client_id       = each.value
  protocol        = "saml"
  protocol_mapper = "saml-role-list-mapper"
  name            = "Role"
  config = {
    "single"               = "true"
    "attribute.name"       = "https://aws.amazon.com/SAML/Attributes/Role"
    "attribute.nameformat" = "URI Reference"
  }
}