Yes with the module I created, the group mapping works as expected :)
Thanks again for your help!
For anyone else interested, the plugin I tested is this one:
On Tue, Jul 24, 2018 at 5:22 PM, Dmitry Telegin <dt(a)acutus.pro> wrote:
Hi Daniel, you're welcome :)
So finally you've managed to get your groups mapped as desired in a JWT
token? Does it work with Confluence?
Dmitry
On Tue, 2018-07-24 at 16:12 +0200, Daniel Teixeira wrote:
Thank you for your answer Dmitry.
Indeed the dependency org.keycloak.keycloak-services was missing! I
have added that one to the module.xml and it worked :)
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.3" name="swiss.sib.keycloak.sib-group-membership-mapper">
  <resources>
    <resource-root path="sib-group-membership-mapper.jar"/>
  </resources>
  <dependencies>
    <module name="org.keycloak.keycloak-core"/>
    <module name="org.keycloak.keycloak-server-spi"/>
    <module name="org.keycloak.keycloak-server-spi-private"/>
    <module name="org.keycloak.keycloak-services"/>
  </dependencies>
</module>
Also there was another error, my directory structure was missing the
module name (sib-group-membership-mapper):
mkdir -p modules/swiss/sib/keycloak/sib-group-membership-mapper/main/
If others have the same trouble, all the configuration can be accomplished
with the single command:
./bin/jboss-cli.sh --command="module add --name=swiss.sib.keycloak.sib-group-membership-mapper --resources=/tmp/sib-group-membership-mapper.jar --dependencies=org.keycloak.keycloak-core,org.keycloak.keycloak-server-spi,org.keycloak.keycloak-server-spi-private,org.keycloak.keycloak-services"
and I leave this repo as a reference:
https://github.com/ddtxra/sib-group-membership-mapper
Thanks again Dmitry.
On Mon, Jul 23, 2018 at 7:50 PM, Dmitry Telegin <dt(a)acutus.pro> wrote:
Hi Daniel,
On Mon, 2018-07-23 at 18:31 +0200, Daniel Teixeira wrote:
> Thank you Dmitry,
> I was trying to see if there was an option without writing a java
> module. What you are suggesting is to create a module, correct?
Yep you're right, from my experience it's easier to create a Java
extension rather than dive deep into the guts of ScriptMapper trying to
make it return what you want :)
> I gave a try to my first "module" but couldn't find very much info or
> examples about how to write custom protocol mappers.
> Are they configured the same way as Authentication Providers?
>
> I tried to configure it, but I get a ModuleNotFoundException, here is
> what I did:
>
> https://github.com/ddtxra/sib-group-membership-mapper
You did everything right. The only missing piece is the deployment descriptor.
If you're hot deploying (via standalone/deployments directory), put this
into your META-INF/jboss-deployment-structure.xml:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-deployment-structure>
  <deployment>
    <dependencies>
      <module name="org.keycloak.keycloak-services"/>
    </dependencies>
  </deployment>
</jboss-deployment-structure>
...then recompile and redeploy. Or, if you'd like to deploy it as a
Wildfly/JBoss module, do the following in jboss-cli:
module add --name=sib-group-membership-mapper --resources=/path/to/sib-group-membership-mapper.jar --dependencies=org.keycloak.keycloak-services
...so that it creates the descriptor (yet a different one) for you.
Good luck!
Dmitry
>
> Can someone spot the problem?
> Thanks very much for your help!
>
>
> > On Mon, Jul 23, 2018 at 4:04 AM, Dmitry Telegin <dt(a)acutus.pro> wrote:
> > Hi Daniel,
> >
> > Not sure if Script Mapper allows for that, but you could definitely
> > solve this with a custom ProtocolMapper. Use the "Group Membership"
> > mapper as a reference, but return an array of objects instead of an
> > array of strings.
> >
> > Cheers,
> > Dmitry Telegin
> > CTO, Acutus s.r.o.
> > Keycloak Consulting and Training
> >
> > Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> > +42 (022) 888-30-71
> > E-mail: info(a)acutus.pro
> >
> > On Fri, 2018-07-20 at 14:26 +0200, Daniel Teixeira wrote:
> > > Hello,
> > > I am trying to configure my userinfo token to get the groups, as an
> > > array of objects.
> > > Currently if I add the "Group Membership" mapper in my client, an
> > > array of Strings with the groups is returned.
> > >
> > > {
> > >   "name": "Dummy User",
> > >   "groups": ["group1", "group2", "group3"]
> > >   ...
> > > }
> > >
> > > But what I need for an SSO Confluence plugin to work is the following
> > > format:
> > > (The names of the attributes don't matter, but I need an array of
> > > objects for the groups)
> > >
> > > {
> > > "name": "Dummy User",
> > > "groups": [ {"group_name": "group1"},
> > > {"group_name": "group2"},
> > > {"group_name": "group3"} ]
> > > ...
> > > }
> > >
> > > So I have tried to create a Script Mapper as follows:
> > >
> > > var groups = [];
> > > user.getGroups().forEach(function(groupModel) {
> > >     var groupName = groupModel.getName();
> > >     groups.push({"group_name": groupName});
> > > })
> > >
> > > token.setOtherClaims("groups", groups);
> > >
> > >
> > > But this script produces a token as follows:
> > >
> > > {
> > > "name": "Dummy User",
> > > "groups": {
> > > "0": {
> > > "group_name": "group1"
> > > },
> > > "1": {
> > > "group_name": "group2"
> > > },
> > > "2": {
> > > "group_name": "group3"
> > > }
> > > },
> > > ....
> > > }
> > >
> > > Which is not an array of objects, but a map of objects.
> > > I have tried to toggle the option multivalued but it didn't change
> > > anything.
> > >
> > > Is there a way to have an array?
> > > Could someone help me with that?
> > > Thanks in advance!
> > >
> > > Cheers,
> > > Daniel Teixeira
> >
>
>
>
> --
> Daniel Teixeira
--
Daniel Teixeira
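
A consumer-side check for the three "groups" claim shapes discussed in this thread, as an added example that is not part of the original messages or the linked repository. The function names and the sample payloads are constructed for illustration; the "group_name" key is the one used in the thread.

```javascript
// Added example (not from the thread or the linked repository).
// Constructed userinfo payloads mirroring the three "groups" shapes in the thread.
const SAMPLES = {
  stringArray: '{"name":"Dummy User","groups":["group1","group2","group3"]}',
  objectArray: '{"name":"Dummy User","groups":[{"group_name":"group1"},' +
               '{"group_name":"group2"},{"group_name":"group3"}]}',
  indexedMap:  '{"name":"Dummy User","groups":{"0":{"group_name":"group1"},' +
               '"1":{"group_name":"group2"},"2":{"group_name":"group3"}}}',
};

const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);
const isGroupEntry = (v, key) => isPlainObject(v) && typeof v[key] === 'string';

// Classify the claim as "string-array", "object-array", "indexed-map" or "invalid".
// `key` is the per-group attribute name; the thread uses "group_name".
function classifyGroupsClaim(groups, key = 'group_name') {
  if (Array.isArray(groups)) {
    if (groups.length === 0) return 'object-array'; // empty list: no memberships
    if (groups.every((g) => typeof g === 'string')) return 'string-array';
    if (groups.every((g) => isGroupEntry(g, key))) return 'object-array';
    return 'invalid';
  }
  if (isPlainObject(groups)) {
    // A list that was serialized as a map has keys "0", "1", ... in order.
    const keys = Object.keys(groups);
    const indexed = keys.length > 0 && keys.every((k, i) => k === String(i));
    if (indexed && keys.every((k) => isGroupEntry(groups[k], key))) return 'indexed-map';
  }
  return 'invalid';
}

// Return group names only when the claim is the expected array of objects.
// Any other shape is rejected instead of being coerced, so a mapper
// misconfiguration cannot silently change which groups a user is granted.
function groupNamesFromUserinfo(json, key = 'group_name') {
  const claims = JSON.parse(json);
  const shape = classifyGroupsClaim(claims.groups, key);
  if (shape !== 'object-array') {
    throw new Error(`unexpected "groups" claim shape: ${shape}`);
  }
  return claims.groups.map((g) => g[key]);
}

console.log(groupNamesFromUserinfo(SAMPLES.objectArray));
```

The classifier reports the Script Mapper output from the thread as "indexed-map", which makes that misconfiguration visible in logs instead of surfacing as missing group memberships.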