Mapping user groups to JWT in keycloak maps realm roles instead
I am trying to map groups assigned to a user to a claim in the JWT provided by keycloak when signing in. I create the mapping under client -> client scopes -> client-dedicated. I create a new mapper from the predefined mappers. In the list I select groups. 
It also says here that user realm roles are going to be mapped to the claim. In my understanding this is wrong but I am very new to KeyCloak. Subsequently the new claims in my token are the realm roles and not the groups my user is a member of.
These seem to be realm roles and not my groups:
I am using KeyCloak version 22.0.5. Maybe a bug, maybe my understanding of groups is wrong.
Solution
Figured it out, had to create a mapper by configuration, selected "Group membership".
- Authenticate FastAPI with clientid/clientsecret
- Keycloak 18 in Gitlab Service sometimes does not load realm (without error)
- Disabling authenticator, sessions, applications, log and my resources options from the Account Management Console in KeyCloak
- Mapping user groups to JWT in keycloak maps realm roles instead
- Is it possible to disable HTTP for a Keycloak instance in Azure Container Apps?
- Keycloak, not returning access token if update password action selected
- Proper design for th Keycloak auth with APIs and UI
- Keycloak-js updateToken(minValidity) needs clarifications
- "Correlation failed." after upgrading 'Microsoft.IdentityModel.JsonWebTokens' and 'System.IdentityModel.Tokens.Jwt'
- StackOverflow with Keycloak as login provider returns empty email address
- Redirect from java app in docker container to the keyCloak
- How can I know the Keycloak version?
- Export users and roles from Keycloak
- Keycloak move from 23.0 to 24.0: Account is not fully set up [invalid_grant]
- Using a Database as Provider for Keycloak Application Realm
- Keycloak Custom Registration Flow Fails with "KC-SERVICES0013: Failed authentication: java.lang.NullPointerException" Error
- Role based authorization using Keycloak and .NET core
- Globally disable https keycloak
- Use Keycloak Spring Adapter with Spring Boot 3
- KeyCloak Login leads to infinite loop
- How can I get userId after call create user api in keycloak?
- How to add custom metrics to Keycloak 22 with Quarkus and MicroMeter
- Keycloak - Assign a client scope to user with a specific role
- How to save the keycloak data when running inside docker container?
- Keycloak error on console " violating Content Security Policy directive: "frame-ancestors 'self'"
- angular-oauth2-oidc with Keycloak Auth Code Flow Access Token Request is not sent
- Getting Keycloak's public key
- Keycloak with AzureAD how to change the IDP user ID / IDP Links
- Keycloak providers' better technique of registering entity listener
- Logout from next-auth with keycloak provider not works