Problem with login_filter

[Iwios]

Hello, I have a Nextcloud plug in my Keycloak

I try to filter connexions with a filter value.

But with my configuration, I have this error:

Access to this service is not allowed because you do not have one of the allowed login filter values. If you think this is an error, contact your administrator.

'oidc_login_client_id' => 'test', // Client ID: Step 1 'oidc_login_client_secret' => 'MySecret', // Client Secret: Got to Clients -> Client -> Credentials 'oidc_login_provider_url' => 'https://keycloak.fqdn.fr/realms/My_REALMS', 'oidc_login_end_session_redirect' => true, // Keycloak 18+ 'oidc_login_logout_url' => 'https://keycloak.fqdn.fr/apps/oidc_login/oidc', // Keycloak 18+ 'oidc_login_disable_registration' => false, //'oidc_login_auto_redirect' => true, //'oidc_login_redir_fallback' => true, 'oidc_login_attributes' => array( 'id' => 'preferred_username', 'mail' => 'email', 'login_filter' => 'realm_access_roles', ), 'oidc_login_code_challenge_method' => 'S256', 'oidc_login_filter_allowed_values' => array('default-roles-access'),

This is my configuration for my user:

[Iwios]

Ok I have found solution and work!

I have another question, I try to use filter login with a role in the client level and not in realm level.

I try to do this: 'login_filter' => 'resource_access',

But didn't work.

The plugin allow the filter base on role in client level?

[Iwios]

Ok I find the solution. My problem is the mapper client role token was not configured correctly. I need to valid like this:

[Iwios]

I have last question: Can we put user in admin group based on client role?