I’ve configured Google Workspace SSO for Keycloak via SAML 2.0. I need to sync the groups from Google with roles in Keycloak. To do so, I'm using the “Advanced claim to role” mapper. However, this only works once per user login (doesn’t matter which sync mode), and on the second login attempt it fails due to Keycloak attempting to append the same user to the same role and prints an error. Any suggestions on how to get around this will be very much appreciated.
I think it was worth mentioning that I am doing user federation with User SPI. The issue only happens with federated users.