Re: [keycloak-user] Adding custom user claims after login
Hi Paolo,
We do something very similar to that by extending the attribute mapper
SPI for the protocol we're using. I'd check out:
- SAMLAttributeStatementMapper
- OIDCAccessTokenMapper
- OIDCIDTokenMapper
Josh Cain
Senior Software Applications Engineer, RHCE
Red Hat North America
jcain(a)redhat.com IRC: jcain
On 12/04/2017 04:03 AM, Paolo Tedesco wrote:
Hi all,
I would need to add dynamically some custom client-specific claims to a user's token
after authentication.
The basic idea is that I would need to call an external application, asking for the
custom claims for the authenticated user for the target client.
If I've understood correctly, I cannot do this with mappers, and I could not find a
custom SPI type that fits this purpose.
Is there a way to do this with Keycloak?
Thanks,
Paolo
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
Attachments:
- signature.asc (application/pgp-signature — 833 bytes)