<div dir="ltr">There are two mappings here<div><br></div><div>Firstly you need an attribute mapper in user federation. This maps an LAP attribute to a Keycloak one.</div><div>I don't think this works on existing users though. Try creating a new LDAP user and log in as that user to test this.</div><div>Check the log. In my case it's at /var/log/wildfly/console.log but might have been moved there by one of our devs.</div><div>Check USER_ATTRIBUTES table in the database. You should have a line for your new attribute for your new user.</div><div>I know this doesn't work for multi-attribute values. eg we have an 'applications' attribute which users will have several entries.</div><div><br></div><div>Secondly you need to map the user attribute you created above to the JWT token</div><div>This is under your client application definition.</div><div>You need a 'user attribute' not 'property' mapper to map the new keycloak user attribute to a value in the token(s)</div><div>You also need to turn it on for either the id token or access token depending on where your client expects it.</div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><font color="#000000"><b>Kevin Thorpe<br></b></font></div>
<div>CTO<br></div>
<div><br>
</div>
<div><a href="https://www.p-i.net/" target="_blank"><img src="cid:part1.09070200.07040105@p-i.net"></a> <a href="https://twitter.com/@PI_150" target="_blank"><img src="cid:part3.05090201.04050806@p-i.net"></a><br>
</div>
<div><br>
</div>
<div><a href="http://www.p-i.net/" target="_blank">www.p-i.net</a> | <a href="https://twitter.com/@PI_150" target="_blank">@PI_150</a><br>
</div>
<div><span style="color:rgb(81,81,81)"><br>
</span></div>
<div><span style="color:rgb(81,81,81)">M: <a value="+447921676683">+44 (0)7425 160 368</a> | T: <a value="+442030056750">+44 (0)203 005 6750</a> |
F: <a value="+442077302635">+44(0)207 730 2635</a></span><br>
</div>
<div><font color="#515151">150
Buckingham Palace Road, </font><span style="color:rgb(81,81,81)">London, SW1W 9TR, UK</span></div>
<div><br><b><span style="color:rgb(11,83,148)"> <img src="https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo.jpg/81028530-5f84-4598-825b-f6465a83bae1?t=1416563040000"> <img src="https://clients.p-i.net/documents/11003/1116416/ISO27001-2013.logo.jpeg/145aebe0-c393-49d7-8e1d-44c3c4d451dc?t=1416563040000"> <img src="https://clients.p-i.net/documents/11003/1116416/QMS.logo.jpeg/3925220d-bdad-40c3-b284-102c365c7b85?t=1416563040000" height="36" width="64"><img src="https://clients.p-i.net/documents/11003/1116416/pci.png/773a04d4-f6ce-4b7a-8a22-818f518f0459?t=1421160152000" height="44" width="116"></span></b></div>
<div><font size="1">_____________________________ </font></div>
<p><font size="1">This email and any files transmitted with it
are confidential and intended solely for the use of the
individual or entity to whom they are addressed. If you
have received this email in error please notify the system
manager. This message contains confidential information
and is intended only for the individual named. If you are
not the named addressee you should not disseminate,
distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by
mistake and delete this e-mail from your system. If you
are not the intended recipient you are notified that
disclosing, copying, distributing or taking any action in
reliance on the contents of this information is strictly
prohibited.</font></p><p><b>"<span style="color:rgb(11,83,148)"><font>SAVE PAPER - THINK BEFORE YOU PRINT!</font></span>" </b></p></div></div></div></div></div>
<br><div class="gmail_quote">On 29 June 2015 at 13:02, Adam Daduev <span dir="ltr"><<a href="mailto:daduev.ad@gmail.com" target="_blank">daduev.ad@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi.</div>I try use new feature of keycloak 1.3.1, i added new attribute, like department, but i can not get it in my web bean, i try get new attribute from KeycloakSecurityContext, but con not found.<div>How can i get my new added atribute?</div><div>Thanks!</div></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>