We have had a similar issue. Be aware of a possible conflicting configuration that can cause this.
Roles claim missing from the access token
Have registered an app for SSO to a web app. Created App roles for the app. Assigned users to groups and assigned groups to the app roles. The access tokens of the authenticated users do not show the roles claim. There are no groups or roles claim in the access token. Have been banging my head for several days now, but this shit doesn't seem to budge. Went through all similar questions but nothing has helped so far. Seeking out the community for help.
VN 20 Reputation points
2024-09-21T08:44:43.82+00:00
As @Niels Rossen suggested, emit_as_roles for the optional groups claim was the culprit. It prevented the app roles from appearing in the token. After removing the optional groups claim entirely, I could see the app roles coming up under the roles claim in the token. Thanks a ton to @Niels Rossen.
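
An added example, not part of the original thread: a check over an exported app registration manifest for the conflict described in the answer above, where a groups optional claim carrying emit_as_roles sits alongside defined app roles. The sample manifest is constructed and the function names are hypothetical; the field names assume the Microsoft Entra app manifest layout (appRoles, optionalClaims, additionalProperties).

```python
import copy
import json

# Constructed sample manifest excerpt, not taken from the thread.
SAMPLE_MANIFEST = json.loads("""
{
  "appRoles": [
    {"displayName": "Admin", "value": "App.Admin", "isEnabled": true,
     "allowedMemberTypes": ["User"]}
  ],
  "groupMembershipClaims": "SecurityGroup",
  "optionalClaims": {
    "idToken": [],
    "accessToken": [
      {"name": "groups", "source": null, "essential": false,
       "additionalProperties": ["emit_as_roles"]}
    ],
    "saml2Token": []
  }
}
""")

TOKEN_TYPES = ("idToken", "accessToken", "saml2Token")

def is_groups_as_roles(claim):
    """True for a groups optional claim configured with emit_as_roles."""
    props = claim.get("additionalProperties") or []
    return claim.get("name") == "groups" and "emit_as_roles" in props

def find_role_conflicts(manifest):
    """Token types where groups-as-roles coexists with enabled app roles."""
    roles = [r for r in manifest.get("appRoles") or [] if r.get("isEnabled", True)]
    if not roles:
        return []  # no app roles defined, so nothing can be displaced
    optional = manifest.get("optionalClaims") or {}
    return [t for t in TOKEN_TYPES
            if any(is_groups_as_roles(c) for c in optional.get(t) or [])]

def drop_groups_claim(manifest):
    """Copy of the manifest with the groups optional claim removed,
    mirroring the fix reported in the answer."""
    fixed = copy.deepcopy(manifest)
    optional = fixed.get("optionalClaims") or {}
    for t in TOKEN_TYPES:
        optional[t] = [c for c in optional.get(t) or [] if c.get("name") != "groups"]
    return fixed

if __name__ == "__main__":
    print("conflicting token types:", find_role_conflicts(SAMPLE_MANIFEST))
    print("after fix:", find_role_conflicts(drop_groups_claim(SAMPLE_MANIFEST)))
```
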