p2-inc / keycloak-orgs

Single realm, multi-tenancy for SaaS apps
https://phasetwo.io
389 stars 66 forks

Using keycloak-orgs - added singular-keycloak-db-federation extension - having issues with multi value user attributes. #38

Closed KDMRyanT closed 1 year ago

KDMRyanT commented 1 year ago

Hello, I'm trying to have a user attribute I have named Roles. From the SAML IdP we pull in roles or role and place the value in user_storage under Roles. I also have singular-keycloak-database-federation in use to pull values into Keycloak, including what my company uses as application roles. Here is where my problem lies... On initiating the connection to the IdP from the application, I log in, and then I'm redirected back to my application. I have a testing application that displays the information of the OpenID user_information, token, etc. (openid-connect-client). Anyway, the problem I'm having is that the values from the IdP and the DB are not merged together. For the IdP, the value returned shows the values as separate entries in a JSON array. However, the values from the database, because they are multivalued, are shown as one long string of "roles" separated by ##. Example:

"roles": [ "Role1", "Role2##Role3##Role4##Role5", "Role6" ]

What I was expecting was: "roles": [ "Role1", "Role2", "Role3", "Role4", "Role5", "Role6" ]

Is this an issue with Keycloak 20? Is this something I have done wrong/incorrectly? Please advise.

xgp commented 1 year ago

This doesn't seem to be related to this extension. I'd try the keycloak mailing list or the singular-keycloak-database-federation issues. It sounds like your role mapping isn't working right for one of them, and it's getting stored as a compound value.
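The reply above points at the claim being stored as a compound value. Before changing any mapper configuration it helps to confirm that from the token or userinfo response the test application already receives. The script below is an added example and is not part of this issue or of keycloak-orgs or singular-keycloak-database-federation; it assumes the multi-value separator is the `##` shown in the sample claim, and the userinfo document it parses is constructed here to match that sample. It reports which entries of the `roles` claim are still delimiter-joined (i.e. were never split into separate attribute values on the Keycloak side) and shows what the flattened list would look like, so you can compare it against the merged list you expected.

```python
import json
import sys

# Assumption: singular-keycloak-database-federation joined the multivalued
# column with "##", as the sample claim in the issue shows. Adjust if your
# provider is configured with a different separator.
MULTIVALUE_SEPARATOR = "##"


def split_compound_values(values, sep=MULTIVALUE_SEPARATOR):
    """Split every delimiter-joined entry of a claim array into its parts.

    Returns (flattened, compound): flattened is the full list with each
    compound entry replaced by its parts, compound lists the raw entries that
    contained the separator (these are the ones Keycloak stored as a single
    attribute value instead of several).
    """
    flattened = []
    compound = []
    for value in values:
        if isinstance(value, str) and sep in value:
            compound.append(value)
            flattened.extend(part for part in value.split(sep) if part)
        else:
            flattened.append(value)
    return flattened, compound


def check_claim(claims, claim_name="roles", sep=MULTIVALUE_SEPARATOR):
    """Inspect one claim of a decoded userinfo/ID-token JSON object.

    A claim may be absent, a single string, or an array; the result reports
    whether it was present, the flattened values, and the compound entries.
    """
    raw = claims.get(claim_name)
    if raw is None:
        return {"present": False, "values": [], "compound": []}
    if isinstance(raw, str):
        raw = [raw]
    flattened, compound = split_compound_values(raw, sep)
    return {"present": True, "values": flattened, "compound": compound}


# Constructed sample: the userinfo response shape described in the issue,
# with one IdP-sourced entry on each side of the DB-sourced compound entry.
SAMPLE_USERINFO = json.loads(
    '{"sub": "example-user", "roles": ["Role1", "Role2##Role3##Role4##Role5", "Role6"]}'
)


def main():
    # Read a real userinfo/ID-token JSON document from stdin, or fall back to
    # the constructed sample when nothing is piped in.
    claims = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_USERINFO
    report = check_claim(claims)
    if not report["present"]:
        print("claim 'roles' is missing from the response")
        return
    for entry in report["compound"]:
        print(f"compound value still present (not split on '{MULTIVALUE_SEPARATOR}'): {entry!r}")
    print("flattened roles:", json.dumps(report["values"]))


if __name__ == "__main__":
    main()
```

Any line reported as a compound value means the federation provider handed Keycloak one string rather than several attribute values; fixing that belongs in the user-storage or attribute-mapper configuration, not in the client, so treat this script as a diagnostic, not a workaround.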