6:59 a.m.
Hello group,
In my user model I have a custom user attribute that I want to make
available to multiple
clients via the id / access token with just one definition. Is this already
possible somehow?
Currently one can define custom mappers for a single client via:
(In Admin Console) Realm -> Clients -> example-client -> Mappers -> create
There I can specify a new mapper of type "user attribute" where I can refer
to the actual user attribute, give it a "token claim name" (e.g.
"myattribute") and specify whether this should be included in the ID and /
or access token.
The user attribute in the token can then be accessed from within the client
via:
KeycloakSecurityContext:getIdToken().getOtherClaims().get("myattribute")
This apporach however requires that I configure this for every client - for
which I already have 10 (trend: upwards)...
It would make thinks a lot easier if it were possible to specify those
mappers realm wide...
PS: I'm currently using Keycloak 1.9.0.CR1
Cheers,
Thomas
8:05 a.m.
See ClientTemplates
On 2/5/2016 7:59 AM, Thomas Darimont wrote:
Hello group,
In my user model I have a custom user attribute that I want to make
available to multiple
clients via the id / access token with just one definition. Is this
already possible somehow?
Currently one can define custom mappers for a single client via:
(In Admin Console) Realm -> Clients -> example-client -> Mappers -> create
There I can specify a new mapper of type "user attribute" where I can
refer to the actual user attribute, give it a "token claim name" (e.g.
"myattribute") and specify whether this should be included in the ID
and / or access token.
The user attribute in the token can then be accessed from within the
client via:
KeycloakSecurityContext:getIdToken().getOtherClaims().get("myattribute")
This apporach however requires that I configure this for every client
- for which I already have 10 (trend: upwards)...
It would make thinks a lot easier if it were possible to specify those
mappers realm wide...
PS: I'm currently using Keycloak 1.9.0.CR1
Cheers,
Thomas
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
8:28 a.m.
Hello Bill,
seems to do what I need - I think it should be documented that changes in
client templates (e.g. configured mappers) are reflected in created clients.
Cheers,
Thomas
2016-02-05 15:05 GMT+01:00 Bill Burke <bburke(a)redhat.com>:
See ClientTemplates
On 2/5/2016 7:59 AM, Thomas Darimont wrote:
Hello group,
In my user model I have a custom user attribute that I want to make
available to multiple
clients via the id / access token with just one definition. Is this
already possible somehow?
Currently one can define custom mappers for a single client via:
(In Admin Console) Realm -> Clients -> example-client -> Mappers -> create
There I can specify a new mapper of type "user attribute" where I can
refer to the actual user attribute, give it a "token claim name" (e.g.
"myattribute") and specify whether this should be included in the ID and /
or access token.
The user attribute in the token can then be accessed from within the
client via:
KeycloakSecurityContext:getIdToken().getOtherClaims().get("myattribute")
This apporach however requires that I configure this for every client -
for which I already have 10 (trend: upwards)...
It would make thinks a lot easier if it were possible to specify those
mappers realm wide...
PS: I'm currently using Keycloak 1.9.0.CR1
Cheers,
Thomas
_______________________________________________
keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hathttp://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3233
days inactive
3233
days old
2 comments
2 participants
participants (2)
-
Bill Burke -
Thomas Darimont