<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Hi Kevin,<br>
      <br>
      In the latest master there is support for multiple values of a
      user attribute mapped from LDAP. There is also a new switch
      "multivalued" in the admin console for the User attribute protocol
      mapper - when it's on, you will see all the values of the attribute
      in the id token (or access token) in your application.<br>
      <br>
      There is also a switch "Always read value from LDAP" on the User
      attribute LDAP federation mapper. When it's on, the value of the
      attribute is always read from LDAP, even for users who were
      already added to the Keycloak DB before you created the LDAP mapper.
      <br>
      <br>
      I hope this will address the issues you mentioned below and in the
      previous mails last week.<br>
      <br>
      Please let me know if it works or if there are still some issues
      you're seeing.<br>
      <br>
      Thanks,<br>
      Marek<br>
      <br>
      On 29.6.2015 14:22, Kevin Thorpe wrote:<br>
    </div>
    <blockquote
cite="mid:CAFMa6Bb=yn1cmA2zGOUph+S+DhVVBR=S+ymSvP=TdNXZfw1ZEw@mail.gmail.com"
      type="cite">
      <div dir="ltr">There are two mappings here
        <div><br>
        </div>
        <div>Firstly you need an attribute mapper in user federation.
          This maps an LDAP attribute to a Keycloak one.</div>
        <div>I don't think this works on existing users though. Try
          creating a new LDAP user and log in as that user to test this.</div>
        <div>Check the log. In my case it's at
          /var/log/wildfly/console.log but might have been moved there
          by one of our devs.</div>
        <div>Check USER_ATTRIBUTES table in the database. You should
          have a line for your new attribute for your new user.</div>
        <div>I know this doesn't work for multi-attribute values, e.g. we
          have an 'applications' attribute for which users will have
          several entries.</div>
        <div><br>
        </div>
        <div>Secondly you need to map the user attribute you created
          above to the JWT token</div>
        <div>This is under your client application definition.</div>
        <div>You need a 'user attribute' not 'property' mapper to map
          the new Keycloak user attribute to a value in the token(s).</div>
        <div>You also need to turn it on for either the id token or
          access token depending on where your client expects it.</div>
        <div><br>
        </div>
      </div>
      <div class="gmail_extra"><br clear="all">
        <div>
          <div class="gmail_signature">
            <div dir="ltr">
              <div>
                <div dir="ltr">
                  <div><font color="#000000"><b>Kevin Thorpe<br>
                      </b></font></div>
                  <div>CTO<br>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
        <br>
        <div class="gmail_quote">On 29 June 2015 at 13:02, Adam Daduev <span
            dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:daduev.ad@gmail.com" target="_blank">daduev.ad@gmail.com</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">
              <div>Hi.</div>
              I am trying to use the new feature of Keycloak 1.3.1. I
              added a new attribute, like department, but I cannot get it
              in my web bean. I tried to get the new attribute
              from KeycloakSecurityContext, but it cannot be found.
              <div>How can I get my newly added attribute?</div>
              <div>Thanks!</div>
            </div>
            <br>
            _______________________________________________<br>
            keycloak-user mailing list<br>
            <a moz-do-not-send="true"
              href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
            <a moz-do-not-send="true"
              href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
              rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
    </blockquote>
    <br>
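    <p>Added example, not part of the original thread and not Keycloak
      code: a small inspection helper for the mapper chain discussed above.
      It reports which token (id token or access token) carries a mapped
      user attribute and whether it arrived single-valued or multivalued.
      The claim names <code>department</code> and <code>applications</code>
      are assumed to equal the attribute names from the thread, and the
      tokens are constructed samples.</p>

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWT. No signature check: use for mapper debugging only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def claim_values(claims: dict, name: str) -> list:
    """Normalise a mapped attribute: absent -> [], single value -> [v], multivalued -> list."""
    if name not in claims:
        return []
    value = claims[name]
    return list(value) if isinstance(value, list) else [value]


def locate_claim(id_token: str, access_token: str, name: str) -> dict:
    """Show where the protocol mapper emitted the claim (it is enabled per token type)."""
    return {
        "id_token": claim_values(jwt_claims(id_token), name),
        "access_token": claim_values(jwt_claims(access_token), name),
    }


def _constructed_token(payload: dict) -> str:
    # Constructed sample token with a placeholder signature; not issued by any server.
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(payload).encode())
    return f"{header}.{body}.{_b64url(b'constructed-placeholder')}"


# Constructed samples: 'department' mapped into the id token only,
# 'applications' mapped as a multivalued claim into the access token only.
SAMPLE_ID_TOKEN = _constructed_token({"sub": "constructed-user", "department": "engineering"})
SAMPLE_ACCESS_TOKEN = _constructed_token({"sub": "constructed-user", "applications": ["crm", "billing"]})

if __name__ == "__main__":
    for claim in ("department", "applications"):
        print(claim, locate_claim(SAMPLE_ID_TOKEN, SAMPLE_ACCESS_TOKEN, claim))
```

    <p>An empty list for both tokens means the protocol mapper is not
      enabled for either token type, or the user attribute was never
      populated from LDAP.</p>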
  </body>
</html>