Hello,
I like the idea of supporting raw json output for custom attributes. I
think calling the custom type just 'JSON' would suffice.
I just gave this a quick spin, by adding support for "JSON" type conversion
to OIDCAttributeMapperHelper.
How could this work?
In case the mapper input is a String, then try to parse it as a JSON
Object. E.g. via:

    jsonObject = objectMapper.readValue((String)attributeValue, Object.class);

If the input is an object or null return it as is.
This would work with values like:

    user.singleAttribute("jsonData", "{\"intValue\":42, \"stringValue\":\"hello\", \"listValue\": [1,2,3,\"test\"]}");
    user.singleAttribute("jsonString", "\"jsonString\"");

which produce:

    Map<String,Object> jsonData = new HashMap<>();
    jsonData.put("intValue", 42);
    jsonData.put("stringValue", "hello");
    jsonData.put("listValue", Arrays.asList(1,2,3,"test"));
    assertEquals(jsonData, accessToken.getOtherClaims().get("jsonData"));
    assertEquals("jsonString", accessToken.getOtherClaims().get("jsonString"));

Questions for the Keycloak Team:
- Is this a good idea?
- Is there a shared ObjectMapper available that could be reused here?
Cheers,
Thomas
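
The conversion described in the message above, written out as a stand-alone class (an added example, not part of the original thread and not Keycloak's code). The class and method names are hypothetical, Jackson's jackson-databind is assumed to be on the classpath, and returning null for malformed input is a choice made for this example.

```java
import com.fasterxml.jackson.databind.ObjectMapper;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;

// Added illustration, not Keycloak code: class and method names are hypothetical.
public class JsonClaimConversionExample {

    // ObjectMapper is thread-safe once configured, so one shared instance is enough.
    // Default typing is left off: attribute text is bound only to
    // Map/List/String/Number/Boolean, never to classes named in the input.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /** Converts a mapper input to the value that will be placed in the token claim. */
    static Object convertToJson(Object attributeValue) {
        if (!(attributeValue instanceof String)) {
            return attributeValue; // objects and null pass through unchanged
        }
        try {
            return MAPPER.readValue((String) attributeValue, Object.class);
        } catch (IOException e) {
            // Assumption of this example: a malformed attribute yields no claim
            // instead of failing token issuance or falling back to the raw string.
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the first two are the values from the message above.
        List<Object> inputs = Arrays.asList(
            "{\"intValue\":42, \"stringValue\":\"hello\", \"listValue\": [1,2,3,\"test\"]}",
            "\"jsonString\"",
            "{\"intValue\":42",         // truncated JSON
            Arrays.asList("a", "b"));  // already an object
        for (Object in : inputs) {
            Object out = convertToJson(in);
            System.out.println(in + " -> " + out
                + (out == null ? "" : " (" + out.getClass().getSimpleName() + ")"));
        }
        System.out.println("null -> " + convertToJson(null));
    }
}
```

The truncated input is the case to watch: user attributes may be editable by the user or by an admin API client, so the mapper has to decide what a token looks like when the stored value is not valid JSON.
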
2017-10-02 11:05 GMT+02:00 Thomas Darimont <thomas.darimont(a)googlemail.com>:
Hello Herbert,
the code that performs the value conversion is here:
org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper#convertToType
At the moment the only way to customize the mapping in the desired way is
to provide your own AbstractOIDCProtocolMapper mapper implementation.
Note that the OIDCAttributeMapperHelper is used by the setClaim method so
you need to avoid using that method, or replace the resulting
string value of your attribute with an object structure which is then
later marshalled as an appropriate json structure.
Cheers,
Thomas
2017-10-02 10:36 GMT+02:00 Muehlburger, Herbert <herbert.muehlburger@bearingpoint.com>:
> Hello,
>
> What is the best way to map a JSON document to a Token Claim? Currently I
> can only define "String" in Claim JSON Type at the Mapper Configuration
> page. But this causes Keycloak to treat the value of my custom user
> attribute field as string. The value is indeed a JSON document and it
> would be great if there is also a claim JSON type of "JSON Object" which is
> not treated as string and not escaped as happens now.
>
> Kind regards,
>
> Herbert