[keycloak-user] How read added mapper attribute from ldap?
Marek Posolda
mposolda at redhat.com
Wed Jul 1 09:53:15 EDT 2015
Hi Kevin,

could you try to attach "-DskipTests=true" as the parameter to the maven
command during build? Or maybe even just run those commands (assuming
you are in the directory with latest keycloak master):

    mvn clean install -DskipTests=true
    cd distribution
    mvn clean install

Thanks,
Marek

On 1.7.2015 15:09, Kevin Thorpe wrote:
> Hi Marek, I'm having problems doing a distribution build. Are you
> expecting that to work?
>
> What extra information do you want from me? I am not a Java developer
> so I'm not sure.
>
> [INFO]
> ------------------------------------------------------------------------
> [INFO] BUILD FAILURE
> [INFO]
> ------------------------------------------------------------------------
> [INFO] Total time: 01:58 min
> [INFO] Finished at: 2015-07-01T14:06:24+01:00
> [INFO] Final Memory: 122M/464M
> [INFO]
> ------------------------------------------------------------------------
> [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-surefire-plugin:2.17:test
> (default-test) on project arquillian-integration: There are test failures.
> [ERROR]
> [ERROR] Please refer to
> /home/kevin/keycloak/testsuite/integration-arquillian/target/surefire-reports
> for the individual test results.
> [ERROR] -> [Help 1]
> [ERROR]
> [ERROR] To see the full stack trace of the errors, re-run Maven with
> the -e switch.
> [ERROR] Re-run Maven using the -X switch to enable full debug logging.
> [ERROR]
> [ERROR] For more information about the errors and possible solutions,
> please read the following articles:
> [ERROR] [Help 1]
> http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
>
>
> On 30 June 2015 at 14:28, Marek Posolda <mposolda at redhat.com> wrote:
>
> Hi Kevin,
>
> in latest master there is support for multiple values of some user
> attribute mapped from LDAP. There is also a new switch "multivalued"
> in the admin console for the User attribute protocol mapper - when it's
> on, you will see all the values of the attribute in the id token
> (or access token) in your application.
>
> Also there is a switch "Always read value from LDAP" on the User
> attribute LDAP federation mapper. When it's on, the value of the
> attribute is always read from LDAP, even for users who were
> already added into the Keycloak DB before you created the LDAP mapper.
>
> I hope this will address the issues you mentioned below and in the
> previous mails last week.
>
> Please let me know if it works or if there are still some issues
> you're seeing.
>
> Thanks,
> Marek
>
>
> On 29.6.2015 14:22, Kevin Thorpe wrote:
>> There are two mappings here
>>
>> Firstly you need an attribute mapper in user federation. This
>> maps an LDAP attribute to a Keycloak one.
>> I don't think this works on existing users though. Try creating a
>> new LDAP user and log in as that user to test this.
>> Check the log. In my case it's at /var/log/wildfly/console.log
>> but might have been moved there by one of our devs.
>> Check USER_ATTRIBUTES table in the database. You should have a
>> line for your new attribute for your new user.
>> I know this doesn't work for multi-attribute values, e.g. we have
>> an 'applications' attribute for which users will have several entries.
>>
>> Secondly you need to map the user attribute you created above to
>> the JWT token.
>> This is under your client application definition.
>> You need a 'user attribute' not 'property' mapper to map the new
>> Keycloak user attribute to a value in the token(s).
>> You also need to turn it on for either the id token or access
>> token depending on where your client expects it.
>>
>> On 29 June 2015 at 13:02, Adam Daduev <daduev.ad at gmail.com> wrote:
>>
>> Hi.
>> I try to use the new feature of Keycloak 1.3.1. I added a new
>> attribute, like department, but I can not get it in my web
>> bean. I try to get the new attribute from KeycloakSecurityContext,
>> but it can not be found.
>> How can I get my newly added attribute?
>> Thanks!
>
>
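
Added example, not part of the original thread and not Keycloak code: a diagnostic check for the mapping chain discussed above, reporting which token (id or access) actually carries a mapped attribute and normalizing single-valued and multivalued claims to a list. The claim names "department" and "applications" follow the thread; the token contents, signature placeholder and helper names are constructed for illustration.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """Base64url-encode without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_payload(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature.

    Diagnostic use only: the application (or adapter) must verify the
    token before trusting any claim read from it.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(segment))


def claim_values(payload: dict, name: str) -> list:
    """[] if the claim is absent, [v] if single-valued, the list if multivalued."""
    if name not in payload:
        return []
    value = payload[name]
    return list(value) if isinstance(value, list) else [value]


def locate_claim(tokens: dict, name: str) -> dict:
    """Map each token label to the values it carries for the claim."""
    return {label: claim_values(jwt_payload(tok), name) for label, tok in tokens.items()}


def make_token(claims: dict) -> str:
    """Build a constructed sample token with a placeholder signature."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.{b64url(b'constructed')}"


# Constructed sample: mapper enabled for the id token only, one claim multivalued.
SAMPLE = {
    "id_token": make_token(
        {"sub": "u1", "department": "finance", "applications": ["crm", "billing"]}
    ),
    "access_token": make_token({"sub": "u1"}),
}

if __name__ == "__main__":
    for claim in ("department", "applications"):
        print(claim, locate_claim(SAMPLE, claim))
```

An empty list for both tokens points at the protocol mapper (not enabled for either token) or at the federation mapper (attribute never reached the Keycloak user); a value in only one token means the client is reading the other one.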