[keycloak-user] Adding custom user claims after login

Josh Cain jcain at redhat.com
Mon Dec 4 11:26:26 EST 2017


Hi Paolo,

We do something very similar to that by extending the attribute mapper
SPI for the protocol we're using.  I'd check out:

 - SAMLAttributeStatementMapper
 - OIDCAccessTokenMapper
 - OIDCIDTokenMapper

Josh Cain
Senior Software Applications Engineer, RHCE
Red Hat North America
jcain at redhat.com IRC: jcain

On 12/04/2017 04:03 AM, Paolo Tedesco wrote:
> Hi all,
> 
> I would need to add dynamically some custom client-specific claims to a user's token after authentication.
> The basic idea is that I would need to call an external application, asking for the custom claims for the authenticated user for the target client.
> If I've understood correctly, I cannot do this with mappers, and I could not find a custom SPI type that fits this purpose.
> Is there a way to do this with Keycloak?
> 
> Thanks,
> Paolo
