You can do it now, it's just that we don't have any documentation for it.
Here's a bunch of examples:
I'm not sure how you obtain or refresh an LTPA token. But these
mappers are executed whenever a token is created. You would define the
mapper then configure it within the admin console. In talking to you
and others, we may need some callback on the UserFederationProvider too.
On 9/8/2015 11:34 AM, Mr. Graf wrote:
What does it mean for the moment? It’s not possible now?
If so, are you sure now and is it already in the backlog? ;) No, seriously, will it get
public and when?
> On 08.09.2015 at 14:18, Bill Burke <bburke(a)redhat.com> wrote:
> You can write a ProtocolMapper. We haven't made the SPI public yet and
> weren't sure if we should.
> On 9/8/2015 3:18 AM, Mr. Graf wrote:
>> Hey all,
>> we are evaluating keycloak and run into an issue.
>> We implemented a UserFederationProvider. This Provider authenticates let’s say old users and new users.
>> „old“ users should receive an LTPA token within the payload of the access token. We used user attributes to achieve it. Fine so far.
>> Our current issue is, that this LTPA token needs to be updated when a refresh_token request comes in and should be put into the „new“ access token too.
>> Initially we tried to achieve it using the refresh_token event until we noticed that this is fired after the „new“ access token has been created, so too late.
>> Does someone have a smart approach or an example how to add custom payload, to be retrieved from a legacy system, to the access token when refreshing it?
>> Thanks in advance
>> keycloak-dev mailing list
> Bill Burke
> JBoss, a division of Red Hat
JBoss, a division of Red Hat