[keycloak-user] User attributes in ID Token using protocol mappers
Marek Posolda
mposolda at redhat.com
Tue May 5 11:12:42 EDT 2015
Hi,
I've just tried that with latest 1.2.0.CR1 release and it works as
expected. Could you also try it with latest version?
Which adapter are you using? In JS application, you should be able to
retrieve token directly from "tokenParsed" or "idTokenParsed". From
servlet application, you need to call something like:
accessToken.getOtherClaims().get("accountId");
Also doublecheck the case-sensitivity for both database and name of
attribute in protocol mapper ( "accountId" vs. "accountID" ).
Last tip: if you added the attribute directly to database, you may need
to restart keycloak server. It's because user might be already cached by
Keycloak and hence you won't see the attribute from DB until you restart
Keycloak server. It's because cache is not cleared if you edit database
directly.
Marek
On 5.5.2015 16:38, Kalinga Dissanayake wrote:
>
> Is it possible to return a user attribute in the ID token using
> protocol mappers?
>
> I have a user that has a custom attribute called "accountId" and a
> value is assigned to it. I checked in the USER_ATTRIBUTE table (mysql)
> and the values are properly assigned.
>
> I created a protocol mapper. In that I set the protocol type as "User
> Attribute" and entered the key "accountId" as both the User Attribute
> and Token Claim Name and switched on both "Add to ID Token" and "Add
> to Access Token".
>
> I simply cant get this accountID attribute value returned in the ID
> Token nor Access Token.
>
> Basically I need to return the user attributes in the ID Token /
> Access Token. Is it possible?
>
> Regards*,*
>
> Kalinga
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150505/1c36307a/attachment.html
More information about the keycloak-user
mailing list