RH-SSO authenticating against different IDPs with hardcoded roles

Solution Verified


When a user authenticates against an IDP for the first time, the user is created in RH-SSO. The hardcoded role from that IDP's Identity Provider mapper is also added to the user's effective role list.

However, when this user re-authenticates against another IDP, the hardcoded role from the Identity Provider mapper attached to that other IDP is ignored. It is never added to the user's effective role list.


  • Red Hat Single Sign-On (RH-SSO)
    • 7
  • External Identity Providers Broker
  • RH-SSO used as Service Provider
  • Hardcoded role mapper
