From 6124ff9ab42d2b51573a1b76892877bb997f5cd4 Mon Sep 17 00:00:00 2001
From: GeorgeRaven
Date: Fri, 28 Feb 2025 23:15:26 +0000
Subject: [PATCH] Added groups protocol-mapper realm mapper again
---
.../templates/protocol-mappers/groups.yaml | 29 +++++++++++++++++++
.../templates/scopes/groups.yaml | 11 +++++++
2 files changed, 40 insertions(+)
create mode 100644 charts/keycloak-late/templates/protocol-mappers/groups.yaml
create mode 100644 charts/keycloak-late/templates/scopes/groups.yaml
diff --git a/charts/keycloak-late/templates/protocol-mappers/groups.yaml b/charts/keycloak-late/templates/protocol-mappers/groups.yaml
new file mode 100644
index 00000000..5ee1a398
--- /dev/null
+++ b/charts/keycloak-late/templates/protocol-mappers/groups.yaml
@@ -0,0 +1,29 @@
+# see: https://marketplace.upbound.io/providers/crossplane-contrib/provider-keycloak/v1.8.0/resources/client.keycloak.crossplane.io/ProtocolMapper/v1alpha1
+# role mapper example
+apiVersion: client.keycloak.crossplane.io/v1alpha1
+kind: ProtocolMapper
+metadata:
+ name: groups
+spec:
+ forProvider:
+ realmIdRef:
+ name: deepcypher
+ clientScopeIdRef:
+ name: groups
+ name: groups
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-realm-role-mapper
+ config:
+ # for available options:
+ # see: https://github.com/crossplane-contrib/provider-keycloak/issues/90
+ # and: https://github.com/keycloak/keycloak/blob/cc558b4090eb6707e269d9a581945a6424d0adbc/services/src/main/java/org/keycloak/protocol/oidc/mappers/UserRealmRoleMappingMapper.java#L40
+ # which links to the OIDCAttributeMapperHelper at https://github.com/keycloak/keycloak/blob/cc558b4090eb6707e269d9a581945a6424d0adbc/services/src/main/java/org/keycloak/protocol/oidc/mappers/UserRealmRoleMappingMapper.java#L61
+ # which then references: https://github.com/keycloak/keycloak/blob/cc558b4090eb6707e269d9a581945a6424d0adbc/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java#L57
+ id.token.claim: "true"
+ access.token.claim: "true"
+ userinfo.token.claim: "true"
+ multivalued: "true"
+ claim.name: "roles"
+ jsonType.label: "String"
+ providerConfigRef:
+ name: default
diff --git a/charts/keycloak-late/templates/scopes/groups.yaml b/charts/keycloak-late/templates/scopes/groups.yaml
new file mode 100644
index 00000000..a0b6d635
--- /dev/null
+++ b/charts/keycloak-late/templates/scopes/groups.yaml
@@ -0,0 +1,11 @@
+apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
+kind: ClientScope
+metadata:
+ name: groups
+spec:
+ deletionPolicy: Delete
+ forProvider:
+ realmIdRef:
+ name: deepcypher
+ name: groups
+ description: "ClientScope providing mappers for oidc groups from realm roles"
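Review bot: `claim.name: "roles"` does not match the mapper and scope name `groups`, so a relying party configured to read a `groups` claim will find none, and one that reads `roles` receives it from a scope whose name suggests group membership. If the intent (going by the ClientScope description in scopes/groups.yaml) is to present realm roles as groups, either set `claim.name: "groups"` or add a comment such as `# realm roles are published under "roles" on purpose; consumers must read that claim`. The mapper also publishes the user's realm roles in the ID token, the access token and the userinfo response; consider enabling only the token types the consuming clients actually read, since each one widens where authorization data is disclosed. The leftover `# role mapper example` line could be replaced by a sentence saying what this mapper is for.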
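Review bot: Nothing in scopes/groups.yaml or in the mapper file shows how the `groups` scope is attached to clients, and that choice decides which clients receive the role list. A short comment above `kind: ClientScope` would help, for example `# attach as an optional scope on clients that need role-based authorization; not intended as a realm default`, adjusted to whatever the chart does elsewhere. `realmIdRef.name: deepcypher` is hard-coded here and in protocol-mappers/groups.yaml; if the chart is meant to be reusable, a values-driven realm name would keep the two files in step.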