Role AND group mapping with custom oauth using keycloak

Description

I am trying to set up group and role mapping from Keycloak to Rocket.Chat. Role mapping works fine, but when I want to add group mapping as well, nothing happens. Is it even possible? Because there is only one field for group/role mapping in the Custom OAuth settings. Thanks for your help.

Server Setup Information

  • Version of Rocket.Chat Server: 3.8.8
  • Operating System: Debian stretch
  • Deployment Method: docker on k8s
  • Number of Running Instances: 1
  • DB Replicaset Oplog:
  • NodeJS Version:
  • MongoDB Version:
  • Proxy:
  • Firewalls involved:

Any additional Information

We can create the user in Keycloak, and that user can log in to Rocket.Chat.
My question is: can we make this user an admin for Rocket.Chat using Keycloak?

Hello,

Here is the documentation for that: Keycloak - Rocket.Chat Docs

But it only works until RC 3.18.3; the feature was removed in >4.x.

Thanks @d3h, I have followed this blog, but no use… Here I have given the details:

adding the required roles to client


Details of Role

Adding the mappers for the client

Mappers details

Add that role to user

Please help with this

There is no need to make a composite role. Just create the role for the client. Create the mapper and give the role to the user.

And you need to set the role mapper in Rc-Administration-Menu > Oauth too.


Thank you @d3h. I need one small clarification.
Did you mean the items below?

Sorry for the German screenshot, but it’s the one above the Roles/Groups field for channel mapping.

Thank you so much @d3h, I will try this

Hi @d3h, I have tried this, but I can’t make the Keycloak-created user an admin of Rocket.Chat.
I have both Keycloak and Rocket.Chat in Docker.

Here there is no Rocket.Chat administrative access.

Did you relog? You can check your access token in Keycloak under client scope > evaluate. Then there must be something like
roles { admin }
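
The token check suggested above, as an added example that is not part of the original thread: a Node.js script that decodes an access token's payload and reports whether a role is present at the claim path the mapper writes to. The claim paths, the client name `rocketchat` and the sample token are assumptions constructed for illustration, and the signature is not verified.

```javascript
// Added example: inspect the role claim in a Keycloak access token.
// Decode only: the signature is NOT verified, so use this for troubleshooting,
// never to make an authorization decision.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Walk a dotted claim path such as "roles" or "resource_access.rocketchat.roles".
function claimAt(payload, path) {
  return path.split('.').reduce(
    (node, key) => (node !== null && typeof node === 'object' ? node[key] : undefined),
    payload
  );
}

function checkRoleClaim(token, claimPath, wantedRole) {
  const value = claimAt(decodeJwtPayload(token), claimPath);
  if (value === undefined) {
    return { ok: false, roles: [], reason: `claim "${claimPath}" is not in the token` };
  }
  // A mapper that is not multivalued can emit a single string instead of an array.
  const roles = Array.isArray(value) ? value : [String(value)];
  return roles.includes(wantedRole)
    ? { ok: true, roles, reason: 'role present' }
    : { ok: false, roles, reason: `claim present but "${wantedRole}" is missing` };
}

// Constructed sample token (hypothetical client "rocketchat", dummy signature).
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.sig`;
}

const sample = makeSampleToken({
  preferred_username: 'alice',
  roles: ['admin', 'user'],
  resource_access: { rocketchat: { roles: ['user'] } },
});

console.log(checkRoleClaim(sample, 'roles', 'admin'));
console.log(checkRoleClaim(sample, 'resource_access.rocketchat.roles', 'admin'));
console.log(checkRoleClaim(sample, 'groups', 'admin'));
```

If the role shows up under a different path than the one entered in the OAuth settings, the mapping has nothing to read even though the user holds the role in Keycloak.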

Ok @d3h I will check