I have set up an OpenID provider in IAM, allowing users to log in to the application via SSO. Now, I want to link user groups to this role using the 'roles' claim.

I am facing an issue, and I think it might be related to the number of roles assigned to a user, as in some cases, there are quite a lot of them, but it could also be something else. For some users, I see a long list of roles where I could filter by ID to find the correct role, but for other users, I don’t receive any role claim at all, even though these are configured in their Azure AD.

Does anyone happen to know what might be causing this?

Hello @groos ,

Am I correct to assume that you've checked the Login attempts tab page in the OpenID providers menu in IAM? I assume that this is where you’ve noticed that for some users a list of roles is returned and for others it isn't. I suspect the issue to be located somewhere in the JSON data that is being provided to IAM.

Do you have access to the JSON data that is being returned?

If so, is there any chance that we could take a look at it to rule some things out?

Kind regards,

Renée


Hello Renée,

I solved it by creating a new claim and giving the role with it. This gives a smaller set of roles than the previous role claim.

But true, I looked in the JSON message in Login attempts, and sometimes a user had a list of roles and sometimes not.