[keycloak-user] Groups as array of objects (Script Mapper ? )

Daniel Teixeira ddtxra at gmail.com
Mon Jul 23 12:31:29 EDT 2018


Thank you Dmitry,
I was trying to see if there was an option without writing a java module. What
you are suggesting is to create a module, correct?

I gave a try to my first "module" but couldn't find very much info or
examples about how to write custom protocol mappers.
Are they configured the same was as Authentication Providers?

I tried to configure it, but I get a ModuleNotFoundException, here is what
I did:
https://github.com/ddtxra/sib-group-membership-mapper

Can someone spot the problem?
Thanks very much for your help!


On Mon, Jul 23, 2018 at 4:04 AM, Dmitry Telegin <dt at acutus.pro> wrote:

> Hi Daniel,
>
> Not sure if Script Mapper allows for that, but you could definitely
> solve this with a custom ProtocolMapper. Use the "Group Membership"
> mapper as a reference, but return an array of objects instead of an
> array of strings.
>
> Cheers,
> Dmitry Telegin
> CTO, Acutus s.r.o.
> Keycloak Consulting and Training
>
> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> +42 (022) 888-30-71
> E-mail: info at acutus.pro
>
> On Fri, 2018-07-20 at 14:26 +0200, Daniel Teixeira wrote:
> > Hello,
> > I am trying to configure my userinfo token to get the groups, as an
> > array
> > of objects.
> > Currently if I add the "Group Membership" mapper in my client, an
> > array of
> > Strings with the groups is returns.
> >
> > {
> >   "name": "Dummy User",
> >   "groups": ["group1", "group2", "group3"]
> >    ...
> > }
> >
> > But what I need for a SSO Confluence plugin to work is the following
> > format:
> > (The name of the attributes don't matter, but I need an array of
> > objects
> > for the groups)
> >
> > {
> >   "name": "Dummy User",
> >   "groups": [ {"group_name": "group1"},
> >                    {"group_name": "group2"},
> >                    {"group_name": "group3"}  ]
> >  ...
> > }
> >
> > So I have tried to created Script Mapper as follows:
> >
> > *var groups = [];*
> > *user.getGroups().forEach(function(groupModel) {*
> > *    var groupName = groupModel.getName();*
> > *    groups.push({"group_name": groupName});*
> > *})*
> >
> > *token.setOtherClaims("groups", groups);*
> >
> >
> > But this script produces a token as following:
> >
> > {
> >   "name": "Dummy User",
> >   "groups": {
> >     "0": {
> >       "group_name": "group1"
> >     },
> >     "1": {
> >       "group_name": "group2"
> >     },
> >     "2": {
> >       "group_name": "group3"
> >     }
> >   },
> >   ....
> > }
> >
> > Which is not an array of object, but a map of objects.
> > I have tried to toggle the option multivalued but it didn't change
> > anything.
> >
> > Is there a way to have an array?
> > Could someone help me with that?
> > Thanks in advance!
> >
> > Cheers,
> > Daniel Teixeira
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>



-- 
Daniel Teixeira


More information about the keycloak-user mailing list