This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 36%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Have registered an app for SSO to web app. Created App roles for the app. Assigned users to groups and assigned groups to the app roles. The access tokens of the authenticated users do not show the roles claim. There are no groups or roles claim in the access token. Have been banging my head since several days now but this shit doesn't seem to budge. Went through all similar questions but nothing has helped so far. Seeking out the community for help.
@Niels Rossen Thanks a ton for the answer. It worked.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 99%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENR%3C/text%3E%3C/svg%3E)
We have had a similar issue, be aware of a possible conflicting configuration that can cause this.
As @Niels Rossen suggested, emit_as_roles for the optional groups claim was the culprit. It prevented the app roles from appearing in the token. After removing the optional groups claim entirely, I could see the app roles coming up under the roles claim in the token. Thanks a ton to @Niels Rossen