diff --git a/src/test/java/de/itvsh/kop/user/UserRepresentationTestFactory.java b/src/test/java/de/itvsh/kop/user/UserRepresentationTestFactory.java
index d13f4031e36b987a7bd4ec4999d02a7a60c2c9b2..f1c8a5504cf50231d55f7a78c8afbfc138f76bb9 100644
--- a/src/test/java/de/itvsh/kop/user/UserRepresentationTestFactory.java
+++ b/src/test/java/de/itvsh/kop/user/UserRepresentationTestFactory.java
@@ -17,7 +17,7 @@ public class UserRepresentationTestFactory {
 
 	static final String EXTERNAL_ID = "external-id-1-ldap";
 	static final String EXTERNAL_ID_FALLBACK = "external-id-2-keykloak";
-	static final String ROLE = "VERWALTUNG_USER";
+	static final String ROLE_NAME = "VERWALTUNG_USER";
 
 	private static final long CREATED = Instant.now().toEpochMilli();
 
@@ -26,8 +26,8 @@ public class UserRepresentationTestFactory {
 	private static final String LDAP_ID_KEY = "LDAP_ID";
 	static final Map<String, List<String>> ATTRIBUTES = Map.of(LDAP_ID_KEY, List.of(EXTERNAL_ID));
 
-	private static final String CLIENT_KEY = "sh-kiel-dev-goofy";
-	private static final Map<String, List<String>> CLIENT_ROLED = Map.of(CLIENT_KEY, List.of(ROLE));
+	static final String CLIENT_KEY = "sh-kiel-dev-goofy";
+	private static final Map<String, List<String>> CLIENT_ROLED = Map.of(CLIENT_KEY, List.of(ROLE_NAME));
 
 	static UserRepresentation createWithAttributes(Map<String, List<String>> attributes) {
 		var user = create();
diff --git a/src/test/java/de/itvsh/kop/user/UserResourceMapperTest.java b/src/test/java/de/itvsh/kop/user/UserResourceMapperTest.java
index 1c49206c0d7c83763f87b27849d66eb052b2b86e..7aadfde8b07262e820ef527fb09ccc24ac4b8887 100644
--- a/src/test/java/de/itvsh/kop/user/UserResourceMapperTest.java
+++ b/src/test/java/de/itvsh/kop/user/UserResourceMapperTest.java
@@ -3,14 +3,22 @@ package de.itvsh.kop.user;
 import static org.assertj.core.api.Assertions.*;
 import static org.mockito.Mockito.*;
 
+import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 import org.keycloak.admin.client.resource.RealmResource;
+import org.keycloak.admin.client.resource.RoleMappingResource;
+import org.keycloak.admin.client.resource.RoleScopeResource;
+import org.keycloak.admin.client.resource.UserResource;
+import org.keycloak.representations.idm.ClientMappingsRepresentation;
 import org.keycloak.representations.idm.GroupRepresentation;
+import org.keycloak.representations.idm.MappingsRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
 import org.mapstruct.factory.Mappers;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
@@ -31,7 +39,7 @@ class UserResourceMapperTest {
 	private UserResourceMapper mapper = Mappers.getMapper(UserResourceMapper.class);
 
 	@Mock
-	private KeycloakApiProperties apiProperties;
+	private KeycloakApiProperties properties;
 
 	@Mock
 	private RealmResource realm;
@@ -41,11 +49,14 @@ class UserResourceMapperTest {
 
 		@BeforeEach
 		void init() {
-			when(apiProperties.ldapIdKey()).thenReturn("LDAP_ID");
-			when(apiProperties.organisationsEinheitIdKey()).thenReturn("organisationseinheitId");
-			when(apiProperties.client()).thenReturn("sh-kiel-dev-goofy");
+			when(properties.ldapIdKey()).thenReturn("LDAP_ID");
+			when(properties.organisationsEinheitIdKey()).thenReturn("organisationseinheitId");
+			when(properties.client()).thenReturn("sh-kiel-dev-goofy");
 			when(realm.getGroupByPath(GROUP_1_PATH))
 					.thenReturn(GroupRepresentationTestFactory.createByPathAndOrganisationEinheitId(GROUP_1_PATH, ORGANISATIONS_EINHEIT_ID_1));
+			when(properties.ldapIdKey()).thenReturn("LDAP_ID");
+			when(properties.organisationsEinheitIdKey()).thenReturn("organisationseinheitId");
+			when(properties.client()).thenReturn("sh-kiel-dev-goofy");
 		}
 
 		@Test
@@ -122,7 +133,95 @@ class UserResourceMapperTest {
 		void shouldMapRoles() {
 			User user = mapper.toKopUser(UserResourceTestFactory.create());
 
-			assertThat(user.getRoles()).isNotEmpty().contains(UserRepresentationTestFactory.ROLE);
+			assertThat(user.getRoles()).isNotEmpty().contains(UserRepresentationTestFactory.ROLE_NAME);
 		}
 	}
-}
+
+	@DisplayName("Get client roles")
+	@Nested
+	class TestGetClientRoles {
+
+		@Mock
+		private UserResource userResource;
+
+		@Mock
+		private RoleMappingResource roleMappingResource;
+		@Mock
+		private RoleScopeResource roleScopeResource;
+		@Mock
+		private MappingsRepresentation mappingsRepresentation;
+		@Mock
+		private Map<String, ClientMappingsRepresentation> clientMappingsRepresentation;
+		@Mock
+		private ClientMappingsRepresentation clientMappingRepresentation;
+
+		@BeforeEach
+		void init() {
+			when(userResource.roles()).thenReturn(roleMappingResource);
+			when(roleMappingResource.getAll()).thenReturn(mappingsRepresentation);
+		}
+
+		@DisplayName("on existing roles")
+		@Nested
+		class TestOnAssignedRoles {
+
+			@BeforeEach
+			void init() {
+				when(properties.client()).thenReturn(UserRepresentationTestFactory.CLIENT_KEY);
+
+				when(mappingsRepresentation.getClientMappings()).thenReturn(clientMappingsRepresentation);
+				when(clientMappingsRepresentation.containsKey(UserRepresentationTestFactory.CLIENT_KEY)).thenReturn(true);
+				when(clientMappingsRepresentation.get(UserRepresentationTestFactory.CLIENT_KEY)).thenReturn(clientMappingRepresentation);
+				when(clientMappingRepresentation.getMappings()).thenReturn(List.of(createRoleRepresentation()));
+			}
+
+			private RoleRepresentation createRoleRepresentation() {
+				var roleRepresentation = new RoleRepresentation();
+				roleRepresentation.setName(UserRepresentationTestFactory.ROLE_NAME);
+				return roleRepresentation;
+			}
+
+			@Test
+			void shouldReturnRolesIfExists() {
+				var roles = mapper.mapRoles(userResource);
+
+				assertThat(roles).isNotEmpty();
+				assertThat(roles.get(0)).isEqualTo(UserRepresentationTestFactory.ROLE_NAME);
+			}
+		}
+
+		@Nested
+		class TestOnNonExistingClient {
+
+			@BeforeEach
+			void init() {
+				when(properties.client()).thenReturn(UserRepresentationTestFactory.CLIENT_KEY);
+
+				when(mappingsRepresentation.getClientMappings()).thenReturn(Collections.emptyMap());
+			}
+
+			@Test
+			void shouldReturnEmptyListIfNoRolesAttached() {
+				var roles = mapper.mapRoles(userResource);
+
+				assertThat(roles).isEmpty();
+			}
+		}
+
+		@Nested
+		class TestNullClientMappings {
+
+			@BeforeEach
+			void init() {
+				when(mappingsRepresentation.getClientMappings()).thenReturn(null);
+			}
+
+			@Test
+			void shouldReturnEmptyListIfNoRolesAttached() {
+				var roles = mapper.mapRoles(userResource);
+
+				assertThat(roles).isEmpty();
+			}
+		}
+	}
+}
\ No newline at end of file
diff --git a/src/test/java/de/itvsh/kop/user/StubUserResource.java b/src/test/java/de/itvsh/kop/user/UserResourceStub.java
similarity index 96%
rename from src/test/java/de/itvsh/kop/user/StubUserResource.java
rename to src/test/java/de/itvsh/kop/user/UserResourceStub.java
index 3e21ac946e9ef29cfcaa0b932c552c2f4761454a..9ed3beaf6df8c4bdc0145dfecf0b96afc11c9888 100644
--- a/src/test/java/de/itvsh/kop/user/StubUserResource.java
+++ b/src/test/java/de/itvsh/kop/user/UserResourceStub.java
@@ -20,15 +20,15 @@ import org.keycloak.representations.idm.UserSessionRepresentation;
 import lombok.NoArgsConstructor;
 
 @NoArgsConstructor
-class StubUserResource implements UserResource {
+class UserResourceStub implements UserResource {
 	private UserRepresentation userRepresentation = UserRepresentationTestFactory.create();
 	private List<GroupRepresentation> groups = List.of(GroupRepresentationTestFactory.createGroup(UserResourceMapperTest.GROUP_1_PATH));
 
-	public StubUserResource(Map<String, List<String>> attributes) {
+	public UserResourceStub(Map<String, List<String>> attributes) {
 		userRepresentation = UserRepresentationTestFactory.createWithAttributes(attributes);
 	}
 
-	public StubUserResource(List<GroupRepresentation> groups) {
+	public UserResourceStub(List<GroupRepresentation> groups) {
 		this.groups = groups;
 	}
 
@@ -211,7 +211,7 @@ class StubUserResource implements UserResource {
 			public MappingsRepresentation getAll() {
 				var rep = new MappingsRepresentation();
 				var clientMapRep = new ClientMappingsRepresentation();
-				var roleRep = new RoleRepresentation(UserRepresentationTestFactory.ROLE, "Test role", false);
+				var roleRep = new RoleRepresentation(UserRepresentationTestFactory.ROLE_NAME, "Test role", false);
 				clientMapRep.setMappings(List.of(roleRep));
 				rep.setClientMappings(Map.of("sh-kiel-dev-goofy", clientMapRep));
 				return rep;
diff --git a/src/test/java/de/itvsh/kop/user/UserResourceTestFactory.java b/src/test/java/de/itvsh/kop/user/UserResourceTestFactory.java
index 6330d09473b026a84a2b6c55fd8b26a46dcf9a3d..48a49d0eabe39e09004f9727b2fb42fdad9f8572 100644
--- a/src/test/java/de/itvsh/kop/user/UserResourceTestFactory.java
+++ b/src/test/java/de/itvsh/kop/user/UserResourceTestFactory.java
@@ -9,14 +9,14 @@ import org.keycloak.representations.idm.GroupRepresentation;
 public class UserResourceTestFactory {
 
 	public static UserResource create() {
-		return new StubUserResource();
+		return new UserResourceStub();
 	}
 
 	public static UserResource createWithAttributes(Map<String, List<String>> attributes) {
-		return new StubUserResource(attributes);
+		return new UserResourceStub(attributes);
 	}
 
 	public static UserResource createWithGroups(List<GroupRepresentation> groups) {
-		return new StubUserResource(groups);
+		return new UserResourceStub(groups);
 	}
 }