Hi Josh,
Thank you very much, that looks like what I need.
I'm trying to implement a SAMLAttributeStatementMapper, but I cannot find any
references to it in the documentation, and I cannot understand which Factory class I
should implement. Do you know how I can find that out?
Thanks,
Paolo
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org]
On Behalf Of Josh Cain
Sent: Monday, 4 December, 2017 17:26
To: keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Adding custom user claims after login
Hi Paolo,
We do something very similar to that by extending the attribute mapper SPI for the
protocol we're using. I'd check out:
- SAMLAttributeStatementMapper
- OIDCAccessTokenMapper
- OIDCIDTokenMapper
Josh Cain
Senior Software Applications Engineer, RHCE Red Hat North America jcain(a)redhat.com IRC:
jcain
On 12/04/2017 04:03 AM, Paolo Tedesco wrote:
Hi all,
I would need to add dynamically some custom client-specific claims to a user's token
after authentication.
The basic idea is that I would need to call an external application, asking for the
custom claims for the authenticated user for the target client.
If I've understood correctly, I cannot do this with mappers, and I could not find a
custom SPI type that fits this purpose.
Is there a way to do this with Keycloak?
Thanks,
Paolo
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user