<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div id="yui_3_16_0_ym19_1_1470976371254_3550">Hello,</div><div id="yui_3_16_0_ym19_1_1470976371254_3551">It seems that there is no way to map the claims returned by the /userinfo endpoint to user attributes. </div><div id="yui_3_16_0_ym19_1_1470976371254_3552">I set up an OIDC identity broker to enable external identity broker authentication in keycloak. Some of the </div><div id="yui_3_16_0_ym19_1_1470976371254_3553" dir="ltr">relevant information about the user, such as language, locale, etc. are available only by calling the /userinfo point, </div><div id="yui_3_16_0_ym19_1_1470976371254_3554" dir="ltr">so I wanted to map the claims returned by the endpoint to the user attributes using the available mappers.</div><div id="yui_3_16_0_ym19_1_1470976371254_3554" dir="ltr">Unfortunately, it seems that the Attribute Mapper can maps ID token or </div><div id="yui_3_16_0_ym19_1_1470976371254_3555">Access token claims (User Attribute Mapper), and completely ignores the userInfo claims. </div><div id="yui_3_16_0_ym19_1_1470976371254_3556">Searching through the codebase, I've found that OIDC identity broker calls </div><div id="yui_3_16_0_ym19_1_1470976371254_3557">AbstractJsonUserAttributeMapper.storeUserProfileForMapper to store the user profile</div><div id="yui_3_16_0_ym19_1_1470976371254_3558" dir="ltr">returned by the call to /userinfo endpoint in the user's context data. However, there seems to be no way </div><div id="yui_3_16_0_ym19_1_1470976371254_3559">(without modifying the code that is) to map that data to the attributes of the </div><div id="yui_3_16_0_ym19_1_1470976371254_3560">federated user created by the OIDC identity broker.</div><div id="yui_3_16_0_ym19_1_1470976371254_3561"><br id="yui_3_16_0_ym19_1_1470976371254_3562"></div><div id="yui_3_16_0_ym19_1_1470976371254_3563">Am I missing something here or this functionality is not available out of the box for OIDC identity broker?</div><div id="yui_3_16_0_ym19_1_1470976371254_3563"><br></div><div id="yui_3_16_0_ym19_1_1470976371254_3564">I am using keycloak version 2.1.0 </div><div id="yui_3_16_0_ym19_1_1470976371254_3565"><br id="yui_3_16_0_ym19_1_1470976371254_3566"></div><div id="yui_3_16_0_ym19_1_1470976371254_3567">Thank you,</div><div dir="ltr" id="yui_3_16_0_ym19_1_1470976371254_3568">--Peter</div></div></body></html>