<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi,<br>
<br>
I've just tried that with latest 1.2.0.CR1 release and it works as
expected. Could you also try it with latest version? <br>
<br>
Which adapter are you using? In JS application, you should be able
to retrieve token directly from "tokenParsed" or "idTokenParsed".
From servlet application, you need to call something like:<br>
accessToken.getOtherClaims().get("accountId");<br>
<br>
Also doublecheck the case-sensitivity for both database and name
of attribute in protocol mapper ( "accountId" vs. "accountID" ). <br>
<br>
Last tip: if you added the attribute directly to database, you may
need to restart keycloak server. It's because user might be
already cached by Keycloak and hence you won't see the attribute
from DB until you restart Keycloak server. It's because cache is
not cleared if you edit database directly.<br>
<br>
Marek<br>
<br>
On 5.5.2015 16:38, Kalinga Dissanayake wrote:<br>
</div>
<blockquote cite="mid:1430836684.06481955@apps.rackspace.com"
type="cite"><font face="arial" size="2">
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; word-wrap: break-word;"> </p>
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; word-wrap: break-word;">Is it possible to return a user
attribute in the ID token using protocol mappers?</p>
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; word-wrap: break-word;">I have a user that has a custom
attribute called "accountId" and a value is assigned to it. I
checked in the USER_ATTRIBUTE table (mysql) and the values are
properly assigned.</p>
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; word-wrap: break-word;"> </p>
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; word-wrap: break-word;">I created a protocol mapper. In
that I set the protocol type as "User Attribute" and entered
the key "accountId" as both the <span style="text-decoration:
underline;">User Attribute</span> and <span
style="text-decoration: underline;">Token Claim Name</span>
and switched on both "Add to ID Token" and "Add to Access
Token".</p>
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; word-wrap: break-word;"> </p>
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; word-wrap: break-word;">I simply cant get this accountID
attribute value returned in the ID Token nor Access Token.</p>
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; word-wrap: break-word;"> </p>
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; word-wrap: break-word;">Basically I need to return the
user attributes in the ID Token / Access Token. Is it
possible?</p>
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; word-wrap: break-word;"> </p>
<!--WM_COMPOSE_SIGNATURE_START-->
<p class="MsoNormal"
style="margin:0;padding:0;mso-margin-top-alt: auto;
mso-margin-bottom-alt: auto;">Regards<strong>,</strong></p>
<p class="MsoNormal"
style="margin:0;padding:0;mso-margin-top-alt: auto;
mso-margin-bottom-alt: auto;"> </p>
<p class="MsoNormal"
style="margin:0;padding:0;mso-margin-top-alt: auto;
mso-margin-bottom-alt: auto;">Kalinga</p>
<!--WM_COMPOSE_SIGNATURE_END--></font>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>