Hi,
Thanks for your feedback. I’ve been doing some more testing and now I am unable to
reproduce it: otherClaims is being filled in now. Must have been some missing checkmark in
the Mapper.
Thanks,
Arjan Lamers
On 05-10-2015, at 15:01, Sebastian Rose
<sebastian.rose(a)aoe.com> wrote:
Hi,
for me this works fine. You have to add a Mapping of Kind 'User Attribute'
(Mapper Type) within Clients -> <Choose your client> -> 'Mappers'.
Best Regards,
Sebastian
Von: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org]
Im Auftrag von Arjan Lamers
Gesendet: Donnerstag, 1. Oktober 2015 16:18
An: keycloak-user(a)lists.jboss.org
Betreff: Re: [keycloak-user] retrieving custom user attributes
Hi,
Well, as far as I can see, the unmarshalled AccessToken does not contain any custom
attributes. I would expect something like a Map<String,Object> where you can access
additional attributes.
Just to be clear: the custom attribute I configured does appear in the JWT token, I am
simply searching for an easy way to access them from Java.
There is an 'otherClaims' in the JsonWebToken, should they appear there? (They
don't).
Kind regards,
Arjan Lamers
What do you want for an interface? KeycloakSecurityContext has the
unmarshalled IDToken and AccessToken.
KeycloakPrincipal.getKeycloakSecurityContext().getToken()
On 9/30/2015 11:12 AM, Arjan Lamers wrote:
> Hi,
>
> I am trying to find an easy way to access custom attributes as defined
> for a client. For a Keycloak client, I?ve defined a new Mapper for a
> /user attribute/ to store some additional authorisation data. This then
> is managed by some user domain that uses the keycloak-admin-client to
> write that property.
>
> The problem arises when I want to access that property in an JEE
> application.The way I do it right now to use the KeycloakPrincipal found
> in the javax.ejb.SessionContext. From there, I get the JWT token as a
> String, deserialize the JSON and access the custom attribute from there.
> This feels like a very roundabout way to get to the token but somehow I
> am not able to find an easier way. Is it a missing feature or is it
> simply too close to the weekend for me ;)?