[keycloak-user] Mapping identity provider ID (sub) to user attribute
Eivind Larsen
eivind at jotta.no
Tue Apr 10 07:17:03 EDT 2018
Hi.
I have set up a realm using another Keycloak as OIDC identity provider.
So we have a setup:
client —> keycloak A <—> keycloak B
Where we control A but not B.
Since we have a custom integration with this provider from before, I
need to get the id of the provided identity (B.sub) into the access
token produced by A to remain backward compatible with our data.
To accomplish this, I followed the outline from:
https://lists.jboss.org/pipermail/keycloak-user/2017-October/012132.html
where a mapper (“Attribute importer”) is added to the identity
provider, which should import claim ‘sub’ as a user attribute.
We would then import claim ‘sub’ into user attribute ‘sub’, then for
the client, map user attribute ‘sub’ to claim ‘provider_id’ in access
token.
However, no value is imported from the identity no matter which claims
or attribute I map to/from.
Only the hardcoded values seem to show up when I list the attributes
of the user in the admin console.
Can anyone confirm if this should work, and what I should try next?
I have tried importing claim sub from provided identity into many
different custom user attributes to no avail.
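
An added example, not part of the original post and not Keycloak code: a check that compares the 'sub' issued by B with the 'provider_id' claim in the access token issued by A, to tell a missing mapping apart from one that picked up A's own user id. It assumes you hold a copy of both tokens; the token contents, issuer URL and function names below are constructed for illustration.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWS.
    Inspection only: the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    return json.loads(b64url_decode(parts[1]))


def check_provider_id(b_id_token: str, a_access_token: str,
                      claim: str = "provider_id") -> str:
    """Classify the mapped claim in A's access token against B's 'sub'."""
    b_sub = jwt_claims(b_id_token).get("sub")
    if b_sub is None:
        raise ValueError("token from B carries no 'sub' claim")
    a_claims = jwt_claims(a_access_token)
    if claim not in a_claims:
        return "missing"          # nothing was mapped into the token
    value = a_claims[claim]
    # A multi-valued attribute may be serialized as a JSON array.
    values = value if isinstance(value, list) else [value]
    if b_sub in values:
        return "ok"
    if a_claims.get("sub") in values:
        return "wrong-source"     # A's own user id, not B's
    return "mismatch"


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"


if __name__ == "__main__":
    b = make_sample_token({"iss": "https://b.example/realms/ext", "sub": "b-user-123"})
    a = make_sample_token({"sub": "a-user-999", "provider_id": "b-user-123"})
    print(check_provider_id(b, a))
```

Because the payload is decoded without signature verification, use this only to inspect tokens you obtained yourself, never to make an authorization decision.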