<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi,<div class=""><br class=""></div><div class="">Thanks for your feedback. I’ve been doing some more testing and now I am unable to reproduce it: otherClaims is being filled in now. Must have been some missing checkmark in the Mapper. </div><div class=""><br class=""></div><div class="">Thanks,</div><div class="">Arjan Lamers</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 05-10-2015, at 15:01, Sebastian Rose <<a href="mailto:sebastian.rose@aoe.com" class="">sebastian.rose@aoe.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="WordSection1" style="page: WordSection1; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">Hi,<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">for me this works fine. You have to add a Mapping of Kind 'User Attribute' (Mapper Type) within Clients -> <Choose your client> -> 'Mappers'.<span class="Apple-converted-space"> </span><o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">Best Regards,<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">Sebastian<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><b class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif;" class="">Von:</span></b><span style="font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span class="Apple-converted-space"> </span><a href="mailto:keycloak-user-bounces@lists.jboss.org" class="">keycloak-user-bounces@lists.jboss.org</a> [<a href="mailto:keycloak-user-bounces@lists.jboss.org" class="">mailto:keycloak-user-bounces@lists.jboss.org</a>]<span class="Apple-converted-space"> </span><b class="">Im Auftrag von<span class="Apple-converted-space"> </span></b>Arjan Lamers<br class=""><b class="">Gesendet:</b><span class="Apple-converted-space"> </span>Donnerstag, 1. Oktober 2015 16:18<br class=""><b class="">An:</b><span class="Apple-converted-space"> </span><a href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a><br class=""><b class="">Betreff:</b><span class="Apple-converted-space"> </span>Re: [keycloak-user] retrieving custom user attributes<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div><div class=""><div class=""><div class=""><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">Hi,<o:p class=""></o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">Well, as far as I can see, the unmarshalled AccessToken does not contain any custom attributes. I would expect something like a Map<String,Object> where you can access additional attributes.<o:p class=""></o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">Just to be clear: the custom attribute I configured does appear in the JWT token, I am simply searching for an easy way to access them from Java. <o:p class=""></o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">There is an 'otherClaims' in the JsonWebToken, should they appear there? (They don't).<o:p class=""></o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">Kind regards,<o:p class=""></o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">Arjan Lamers<o:p class=""></o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""> <o:p class=""></o:p></div></div><blockquote style="border-style: none none none solid; border-left-color: rgb(204, 204, 204); border-left-width: 1pt; padding: 0cm 0cm 0cm 6pt; margin: 5pt 0cm 5pt 4.8pt;" class=""><p class="MsoNormal" style="margin: 0cm 0cm 12pt; font-size: 12pt; font-family: 'Times New Roman', serif;"><br class="">What do you want for an interface? KeycloakSecurityContext has the<br class="">unmarshalled IDToken and AccessToken.<br class=""><br class="">KeycloakPrincipal.getKeycloakSecurityContext().getToken()<br class=""><br class="">On 9/30/2015 11:12 AM, Arjan Lamers wrote:<br class="">> Hi,<br class="">><br class="">> I am trying to find an easy way to access custom attributes as defined<br class="">> for a client. For a Keycloak client, I?ve defined a new Mapper for a<br class="">> /user attribute/ to store some additional authorisation data. This then<br class="">> is managed by some user domain that uses the keycloak-admin-client to<br class="">> write that property.<br class="">><br class="">> The problem arises when I want to access that property in an JEE<br class="">> application.The way I do it right now to use the KeycloakPrincipal found<br class="">> in the javax.ejb.SessionContext. From there, I get the JWT token as a<br class="">> String, deserialize the JSON and access the custom attribute from there.<br class="">> This feels like a very roundabout way to get to the token but somehow I<br class="">> am not able to find an easier way. Is it a missing feature or is it<br class="">> simply too close to the weekend for me ;)?</p></blockquote></div></div></div></div></div></blockquote></div><br class=""></div></body></html>