[keycloak-user] User attributes in ID Token using protocol mappers

[Marek Posolda]

Hi,

I've just tried that with latest 1.2.0.CR1 release and it works as 
expected. Could you also try it with latest version?

Which adapter are you using? In JS application, you should be able to 
retrieve token directly from "tokenParsed" or "idTokenParsed". From 
servlet application, you need to call something like:
accessToken.getOtherClaims().get("accountId");

Also doublecheck the case-sensitivity for both database and name of 
attribute in protocol mapper ( "accountId" vs. "accountID" ).

Last tip: if you added the attribute directly to database, you may need 
to restart keycloak server. It's because user might be already cached by 
Keycloak and hence you won't see the attribute from DB until you restart 
Keycloak server. It's because cache is not cleared if you edit database 
directly.

Marek

On 5.5.2015 16:38, Kalinga Dissanayake wrote:
>
> Is it possible to return a user attribute in the ID token using 
> protocol mappers?
>
> I have a user that has a custom attribute called "accountId" and a 
> value is assigned to it. I checked in the USER_ATTRIBUTE table (mysql) 
> and the values are properly assigned.
>
> I created a protocol mapper. In that I set the protocol type as "User 
> Attribute" and entered the key "accountId" as both the User Attribute 
> and Token Claim Name and switched on both "Add to ID Token" and "Add 
> to Access Token".
>
> I simply cant get this accountID attribute value returned in the ID 
> Token nor Access Token.
>
> Basically I need to return the user attributes in the ID Token / 
> Access Token. Is it possible?
>
> Regards*,*
>
> Kalinga
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150505/1c36307a/attachment.html