The authorization mapper synchronizes the roles, domains, groups and other settings of a user from Keycloak with the user table of the censhare Server.

Prerequisites

On your Keycloak server, you must add the roles, domains, groups and other settings that you want to synchronize.

Introduction

The censhare standard governance model requires a default role/domain and additional roles/domains for a user. With this data and additional settings, censhare creates a user party after the user has logged in successfully with their credentials.

The authorization mapper is an XSLT that stores the mapping. When a user logs in, Keycloak first sends a JWT to the censhare Server via the Cloud Gateway. The censhare Server then requests the user's roles, domains, groups and other settings via the Keycloak REST interface.

Default mapping

The default mapping is stored in the Keycloak Party Mapping (resource key:)

Working notes: