Hello,It seems that there is no way to map the claims returned by the /userinfo endpoint
to user attributes. I set up an OIDC identity broker to enable external identity broker
authentication in keycloak. Some of the relevant information about the user, such as
language, locale, etc. are available only by calling the /userinfo point, so I wanted to
map the claims returned by the endpoint to the user attributes using the available
mappers.Unfortunately, it seems that the Attribute Mapper can maps ID token or Access
token claims (User Attribute Mapper), and completely ignores the userInfo
claims. Searching through the codebase, I've found that OIDC identity broker
calls AbstractJsonUserAttributeMapper.storeUserProfileForMapper to store the user
profilereturned by the call to /userinfo endpoint in the user's context data. However,
there seems to be no way (without modifying the code that is) to map that data to the
attributes of the federated user created by the OIDC identity broker.
Am I missing something here or this functionality is not available out of the box for OIDC
identity broker?
I am using keycloak version 2.1.0
Thank you,--Peter