Re: [keycloak-user] OIDC Identity Provider userinfo parsing problem
Hello Simon,
I think you don't need to introduce a dedicated IdentityProvider to workaround the dot
issue. Instead, you can try creating a protocol mapper.
As for newer Keycloak versions, I can test it on Keycloak 4.7.0 if Signicat allows for
some test/demo access. Do you have any info on it?
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Mon, 2018-12-10 at 10:02 +0000, Simon Buch Vogensen wrote:
Hi
We are using keycloak 2.5.5 (redhat sso 7.1) as an identity broker with Signicat.com as
oidc identity provider.
When keycloak requests userinfo from signicat the response does not parse correctly.
Here is an example response.
{"sub":"xxxxxxxxxxxxxx","name":"Simon
Vogensen","signicat.national_id":"123412341234","given_name":"Simon","locale":"SV","family_name":"Vogensen"}
The problem is the dot in the parametername "signicat.national_id" conflicts
with the JSON_PATH_DELIMITER in AbstractJsonUserAttributeMapper resulting in the value not
getting parsed at all.
The fix I have come up with would be a
currentNode = baseNode.get(fieldPath);
call after no node has been found. See line 206.
I guess this little problem does not qualify for a fix of 2.5.5 - and I don't want to
patch our installation - so I guess my best option is to create a specific Signicat
Identity Provider - and fix the response in there before sending it into keycloak?
Is this problem fixed in newer versions of keycloak?
Thanks in advance
Regards
Simon Buch Vogensen
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user