diff --git a/tf-stage-1/modules/kc-client/outputs.tf b/tf-stage-1/modules/kc-client/outputs.tf
index cc52cde..55e6123 100644
--- a/tf-stage-1/modules/kc-client/outputs.tf
+++ b/tf-stage-1/modules/kc-client/outputs.tf
@@ -10,3 +10,6 @@ output "access_group" {
 output "realm" {
   value = data.keycloak_realm.realm
 }
+output "client_id" {
+  value = var.client_id
+}
diff --git a/tf-stage-1/service_gitea.tf b/tf-stage-1/service_gitea.tf
index ea69fa6..a1fbd85 100644
--- a/tf-stage-1/service_gitea.tf
+++ b/tf-stage-1/service_gitea.tf
@@ -27,7 +27,7 @@ resource "keycloak_openid_user_property_protocol_mapper" "gitea-username-mapper"
 resource "keycloak_openid_user_client_role_protocol_mapper" "gitea-role-mapper" {
   realm_id  = module.giteaclient.realm.id
   client_id = module.giteaclient.client.id
-  # client_id_for_role_mappings = module.giteaclient.client.id
+  client_id_for_role_mappings = module.giteaclient.client_id
   multivalued         = true
   name                = "user-client-role-mapper"
   claim_name          = "roles"
diff --git a/tf-stage-1/service_minio.tf b/tf-stage-1/service_minio.tf
index b687b40..e298064 100644
--- a/tf-stage-1/service_minio.tf
+++ b/tf-stage-1/service_minio.tf
@@ -44,7 +44,7 @@ resource "keycloak_openid_user_session_note_protocol_mapper" "minio-client-ip-ad
 resource "keycloak_openid_user_client_role_protocol_mapper" "minio-role-mapper" {
   realm_id  = module.minioclient.realm.id
   client_id = module.minioclient.client.id
-  client_id_for_role_mappings = module.minioclient.client.id
+  client_id_for_role_mappings = module.minioclient.client_id
   multivalued         = true
   name                = "user-client-role-mapper"
   claim_name          = "roles"
diff --git a/tf-stage-1/service_seafile.tf b/tf-stage-1/service_seafile.tf
index 6fc694e..0ca756c 100644
--- a/tf-stage-1/service_seafile.tf
+++ b/tf-stage-1/service_seafile.tf
@@ -31,7 +31,7 @@ resource "keycloak_openid_user_client_role_protocol_mapper" "seafile-role-mapper
   multivalued                 = true
   name                        = "user-client-role-mapper"
   claim_name                  = "roles"
-  client_id_for_role_mappings = module.seafileclient.client.id
+  client_id_for_role_mappings = module.seafileclient.client_id
   add_to_userinfo             = true
   add_to_access_token         = true
   add_to_id_token             = false