[keycloak-user] OIDC Identity Provider userinfo parsing problem
Dmitry Telegin
dt at acutus.pro
Tue Dec 11 14:29:45 EST 2018
Hello Simon,
I think you don't need to introduce a dedicated IdentityProvider to work around the dot issue. Instead, you can try creating a protocol mapper.
As for newer Keycloak versions, I can test it on Keycloak 4.7.0 if Signicat allows for some test/demo access. Do you have any info on it?
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro
On Mon, 2018-12-10 at 10:02 +0000, Simon Buch Vogensen wrote:
> Hi
>
> We are using keycloak 2.5.5 (redhat sso 7.1) as an identity broker with Signicat.com as oidc identity provider.
> When keycloak requests userinfo from signicat the response does not parse correctly.
>
> Here is an example response.
>
> {"sub":"xxxxxxxxxxxxxx","name":"Simon Vogensen","signicat.national_id":"123412341234","given_name":"Simon","locale":"SV","family_name":"Vogensen"}
>
> The problem is the dot in the parameter name "signicat.national_id" conflicts with the JSON_PATH_DELIMITER in AbstractJsonUserAttributeMapper resulting in the value not getting parsed at all.
>
> The fix I have come up with would be a
>
> currentNode = baseNode.get(fieldPath);
>
> call after no node has been found. See line 206.
>
> I guess this little problem does not qualify for a fix of 2.5.5 - and I don't want to patch our installation - so I guess my best option is to create a specific Signicat Identity Provider - and fix the response in there before sending it into keycloak?
>
> Is this problem fixed in newer versions of keycloak?
>
> Thanks in advance
>
> Regards
> Simon Buch Vogensen
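The lookup problem discussed in this thread, modelled as an added example that is not Keycloak code and not code from either poster: a dot-delimited path walk silently drops the claim "signicat.national_id", and a literal-key retry after a failed walk recovers it. The function names, the "address" object and the AMBIGUOUS sample are assumptions constructed for illustration.

```python
import json

PATH_DELIMITER = "."  # stands in for the JSON_PATH_DELIMITER named in the thread

# Constructed sample: the userinfo response quoted in the thread, plus an
# "address" object added here so a genuinely nested path can be shown too.
USERINFO = json.loads(
    '{"sub":"xxxxxxxxxxxxxx","name":"Simon Vogensen",'
    '"signicat.national_id":"123412341234","given_name":"Simon",'
    '"locale":"SV","family_name":"Vogensen","address":{"country":"SE"}}'
)

# Constructed edge case: the same path is both a literal key and a nested path.
AMBIGUOUS = {"a.b": "literal", "a": {"b": "nested"}}


def walk_path(base, field_path):
    """Delimiter-only lookup: every dot is a step into a nested object."""
    node = base
    for part in field_path.split(PATH_DELIMITER):
        if not isinstance(node, dict) or part not in node:
            return None  # the claim is dropped without any error
        node = node[part]
    return node


def walk_path_with_fallback(base, field_path):
    """Walk the path first; if no node was found, retry it as one literal key."""
    node = walk_path(base, field_path)
    if node is None and isinstance(base, dict):
        node = base.get(field_path)
    return node


def compare(base, field_path):
    """Return (delimiter-only result, result with literal-key fallback)."""
    return walk_path(base, field_path), walk_path_with_fallback(base, field_path)


if __name__ == "__main__":
    for path in ("given_name", "address.country", "signicat.national_id"):
        print(path, compare(USERINFO, path))
    print("a.b", compare(AMBIGUOUS, "a.b"))
```

Because the fallback runs only after the nested walk finds nothing, a nested value takes precedence over a literal dotted key of the same name, so existing mappings that rely on nested paths keep their behaviour.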