[keycloak-user] Multivalued user attributes mapping

Marek Posolda mposolda at redhat.com
Mon Sep 21 08:32:09 EDT 2015

On 21/09/15 11:52, Sascha Skorupa wrote:
> Hi,
> we are currently evaluating Keycloak as IDM solution for our company. 
> In doing so we encountered the following questions according to 
> storing authorization data:
> 1)In the “Mapper” section it is possible to configure how user 
> attributes are mapped to tokens/claims.  It is also possible to turn 
> on “Multivalued” mapping, so that every value of one attribute is set 
> as claim. But, how you can configure multiple values for one 
> attribute? If you save another value with the same key the existing 
> one is overwritten.
You mean to map multiple different attributes from User into one 
attribute of AccessToken? That's not possible with the existing mappers 
. The thing is that you can write your own protocol mapper 
implementation and map the claims exactly how you want.
> 2)One of requirements is to persist custom authorization data 
> hierarchically and to map this data into access tokens. Is there any 
> recommendation how to realize this in keycloak or is the only way to 
> use flat user attributes (key/value).
The accessToken has "otherClaims" map on it. You can use any hierarchy 
you want to map your stuff into the access token. The best is again to 
write your own protocol mapper to achieve exactly what you want.

> Thanks, Sascha
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150921/a20042ff/attachment.html 

More information about the keycloak-user mailing list