Skip to content

digital blueprint handbook

Custom Roles Mapping

digital blueprint handbook

Overview
Blueprints
Blueprints
- Overview
- Check-in
- ESign
- Plan
- Dual Delivery
- Mono
- Cabinet
- Archived Blueprints
  Archived Blueprints
  - Greenlight
Components
Components
- Apps
  Apps
  - Mono
  - Cabinet
- API
  API
  - Server Template
    Server Template
    
    Overview
  - Core Bundle
    Core Bundle
    
    Overview
    
    Configuration
    
    LDAP Connector
    LDAP Connector
    
    Overview
    
    Textfile Connector
    Textfile Connector
    
    Overview
    
    Campusonline Connector
    Campusonline Connector
    
    Overview
    
    OIDC Bundle
    OIDC Bundle
    
    Overview
    
    Configuration
    
    Custom Roles Mapping
  - Base Person Bundle
    Base Person Bundle
    
    Overview
    
    LDAP Connector
    LDAP Connector
    
    Overview
    
    Configuration
    
    Events
    
    Example Customizations
  - Blob Bundle
    Blob Bundle
    
    Overview
    
    Configuration
    
    API
    
    Examples
    
    Sequence Diagrams
    
    Stored data
  - Base Organization Bundle
    Base Organization Bundle
    
    Overview
  - Electronic Signature Bundle
    Electronic Signature Bundle
    
    Overview
    
    Bundle Configuration
    
    Advanced Signature Flow
    
    Advanced Signature Example
    
    Qualified Signature Flow
    
    Signature Block Positioning
    
    CLI Commands
  - Formalize Bundle
    Formalize Bundle
    
    Overview
    
    Configuration
    
    Authorization
    
    Database migration
    
    API
    
    Events
  - Sublibrary Bundle
    Sublibrary Bundle
    
    Overview
  - Authentic Documents Bundle
    Authentic Documents Bundle
    
    Overview
  - Check In Bundle
    Check In Bundle
    
    Overview
  - Mono Bundle
    Mono Bundle
    
    Overview
    
    Configuration
    
    Logging
    
    Miscellaneous
    
    CAMPUSonline Connector
    CAMPUSonline Connector
    
    Overview
    
    Configuration
    
    PayUnity Connector
    PayUnity Connector
    
    Mono PayUnity Connector
    
    Configuration
    
    Generic Connector
    Generic Connector
    
    Overview
  - Dispatch Bundle
    Dispatch Bundle
    
    Overview
    
    Configuration
    
    Authorization
    
    Database
    
    CLI Commands
    
    API
  - Cabinet Bundle
    Cabinet Bundle
    
    Overview
    
    Configuration
    
    Database
    
    API
    
    CLI Commands
    
    CAMPUSonline Connector
    CAMPUSonline Connector
    
    Overview
    
    Bundle Configuration
    
    CAMPUSonline API
    
    Provided Student Data
- Supporting Software
  Supporting Software
  - PDF-AS Server
  - Blob Library
    Blob Library
    
    Overview
    
    Api
    
    Error codes
- Archived Components
  Archived Components
  - Greenlight Bundle
    Greenlight Bundle
    
    Overview
    
    Configuration
    
    API
    
    Miscellaneous
    
    CAMPUSonline Connector
    CAMPUSonline Connector
    
    Overview
    
    Configuration
    
    Events
Frameworks
Frameworks
- Overview
- Relay API Gateway
  Relay API Gateway
  - Overview
  - User Guide
    User Guide
    
    Overview
    
    Client Credentials Flow Example
    
    Error Handling
    
    Pagination
    
    Translations
  - Administration Guide
    Administration Guide
    
    Overview
    
    Extending with Bundles
    
    Running in Production
    
    Gateway Configuration
    
    Access Control
    
    Symfony Expression Language
    
    Locks
    
    Queued Tasks
    
    Cron Jobs
    
    Database Management
    
    Reverse Proxies & Load Balancers
    
    Debugging
    
    Updating the Application
    
    FAQ
  - Developer Guide
    Developer Guide
    
    Overview
    
    Getting Started
    
    Creating a New Bundle
    
    Bundle Configuration
    
    Access Control
    
    Cron Jobs
    
    API Errors
    
    Message Queue
    
    Logging
    
    Local Data Aware Entities
    
    Locks
    
    Creating APIs
    
    Custom HTTP Headers
    
    CLI Commands
    
    Health Checks
    
    Naming Conventions
    
    Guidelines
    
    FAQ
    
    Coding Standard & Linters
    
    IDE Integration
    
    DateTime/Duration Handling in the API, PHP and Config
    
    Pagination
    
    Translations
    
    Base Entities
    
    Bundle Event Hooks
    
    Database Handling
    
    System Requirements Policy
  - HowTos
    HowTos
    
    Scopes in Keycloak
    
    Setting an Audience in Keycloak
    
    Creating a Service Account for the Client Credentials Flow
- Frontend Framework
  Frontend Framework
  - Overview
  - Getting Started
  - Web Components
  - Activities
  - Runtime Configuration
  - Theming and individualizing your application
  - Keycloak Integration
  - Developer Guide
    Developer Guide
    
    Coding Standard
    
    Accessibility
    
    UI Guidelines
    
    Web Component Guidelines
    
    Testing
    
    Build Tooling
    
    Browser Compatibility / Requirements
    
    Remote Android Debugging
    
    Assets & Bundle Layout
    
    Topics Metadata
    
    FAQ
    
    Translations
Corporate Design
Corporate Design
- Logo
- Brand name
- Colors
- Fonts
- Secondary Design Elements
- Icons
- Apps
How-Tos
How-Tos
- Setting up Docker & Docker-Compose
Demo Access
Contribute
Contact & Legal Notice

Custom Roles Mapping

The OIDC bundle provides a default Symfony service implementing the UserRolesInterface interface which translates OAuth2 token scopes into Symfony roles. By default, it creates roles with the prefix ROLE_SCOPE_ and appends the scopes in uppercase.

Examples:

my-scope → ROLE_SCOPE_MY-SCOPE
MyScope → ROLE_SCOPE_MYSCOPE

You can override this by registering your own symfony service which implements UserRolesInterface and implementing the getRoles() method. There you can change the mapping and also inject roles from other sources, like LDAP for example.

If you are not using Symfony roles, you can disable this feature altogether by setting set_symfony_roles_from_scopes to false in the bundle config.