Why I can't see the groups in my JWT issued from Keycloak?

Question

In my client configuration in Keycloak I have enabled groups mapping:

and in my Spring Boot application I have a Controller that prints the principal:

@GetMapping("/account/me")
public ResponseEntity<Principal> me(Principal principal) {

    return ResponseEntity.ok(principal);
}

but it doesn't contains the group that I defined in Keycloak.

As mentioned here there should be an additional section other_claims. But it is not added!

Why?

Be aware that roles != groups. Have you mapped your groups to realm roles, or did you intend to use a group mapper instead of role mapper? — varesa, Jul 29 '21 at 15:42

score 2 · Accepted Answer · answered Jul 29 '21 at 15:48

2

Your screenshot indicates that you are using a User Realm Role mapper. If you want to map the groups, you need to use a Group Membership mapper instead.

answered Jul 29 '21 at 15:48

sventorben

1,597
4
17

Why I can't see the groups in my JWT issued from Keycloak?

1 Answers1