When a user is authenticating for the first time against an IDP , the user is created on RH-SSO . The Identity Provider mapper hardcoded role is also added to the effective user role list.
However, when this user is re-authenticating against another IDP , the hardcoded role coming from the Identity Provider mapper relative to this other IDP is ignored. It is never added to the user effective Role list.
- Red Hat Single Sign-On (RH-SSO)
- External Identity Providers Broker
- RH-SSO used as Service Provider
- Hardcoded role mapper
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.