From b7d1483a08c8059ec8d8fe8398f3024d4dd16965 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Sat, 14 Feb 2026 21:14:17 +0100
Subject: [PATCH] [PR #11500/c9313af9 backport][stable-12]
 keycloak_identity_provider: add claims example for
 oidc-advanced-group-idp-mapper (#11507)

keycloak_identity_provider: add claims example for oidc-advanced-group-idp-mapper (#11500)

Add claims example for oidc-advanced-group-idp-mapper

For me it wasn't clear how to create claims using oidc-advanced-group-idp-mapper, perhaps other people can benefit from the following example.

(cherry picked from commit c9313af9714fd308d57cf26b3746f2e0ec85d0ac)

Co-authored-by: David Filipe <68902816+daveopz@users.noreply.github.com>
---
 plugins/modules/keycloak_identity_provider.py | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/plugins/modules/keycloak_identity_provider.py b/plugins/modules/keycloak_identity_provider.py
index a5bdc41078..13a1499bfc 100644
--- a/plugins/modules/keycloak_identity_provider.py
+++ b/plugins/modules/keycloak_identity_provider.py
@@ -368,6 +368,35 @@ EXAMPLES = r"""
           attribute.friendly.name: User Roles
           attribute.name: roles
           syncMode: INHERIT
+
+- name: Create OIDC identity provider, authentication with credentials and advanced claim to group
+  community.general.keycloak_identity_provider:
+    state: present
+    auth_keycloak_url: https://auth.example.com/auth
+    auth_realm: master
+    auth_username: admin
+    auth_password: admin
+    realm: myrealm
+    alias: oidc-idp
+    display_name: OpenID Connect IdP
+    enabled: true
+    provider_id: oidc
+    config:
+      issuer: https://idp.example.com
+      authorizationUrl: https://idp.example.com/auth
+      tokenUrl: https://idp.example.com/token
+      userInfoUrl: https://idp.example.com/userinfo
+      clientAuthMethod: client_secret_post
+      clientId: my-client
+      clientSecret: secret
+      syncMode: FORCE
+    mappers:
+      - name: group_name
+        identityProviderMapper: oidc-advanced-group-idp-mapper
+        config:
+          claims: '[{"key":"my_key","value":"my_value"}]'
+          group: group_name
+          syncMode: INHERIT
 """
 
 RETURN = r"""