Hmm, turns out it was a different problem entirely. Default, Keycloak requests the openid
profile for the logged in user. I had to explicitly add scopes profile and email to get
the information I need. Why doesn’t Keycloak request profile and email by default? Seems
like you can’t really do anything useful without at least profile scope?
Rens
On 7 Dec 2017, at 17:46, Rens Verhage
<Rens.Verhage@topicus.nl<mailto:Rens.Verhage@topicus.nl>> wrote:
I have configured an OIDC identity provider and added a few attribute Attribute Importer
mappers, such as (claim -> attribute):
preferred_username -> username
email -> email
However, on first login, Keycloak asks me to supply missing user information, including
username and e-mail. Username is pre-filled with the sub-claim, everything else is
empty.
Did I miss some additional config? I also have a hardcode role which is working fine.
Maybe I don’t have the properties right, but I can’t find a list of Keycloak user
properties and how to access them through attribute mappers.
Rens
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user