[keycloak-user] Dump user profile data from Social Identity Provider

Eugene Chow eugene.chow.ct at gmail.com
Tue Jul 14 11:38:08 EDT 2015


I couldn't find the attribute *lastName* in the *user_attribute* table. 
I did find the following though
> COPY idp_mapper_config (idp_mapper_id, value, name) FROM stdin;
> 9871fac6-80ef-4fed-91d2-01a2fa56fd31    street  user.attribute
> 9871fac6-80ef-4fed-91d2-01a2fa56fd31    address claim
> 473e55d3-8266-4507-bc1d-cc3c27d49498    lastName user.attribute
> 49a22d17-4dd5-426b-ba02-cbf6b7de6a84    sub     claim
> 49a22d17-4dd5-426b-ba02-cbf6b7de6a84    firstName user.attribute

It seems that my mappings ended up in *idp_mapper_config*. My mappings are:
> *lastName:* preferred_username
> *firstName: *sub
> *street:* address

This was the JSON response from the OID backend. The interesting thing 
is that Keycloak maps "name" from the OID backend to firstName.
> {"sub":"Christine 
> Chapel","name":"","position":"","preferred_username":"Christine 
> Chapel","address":"Nurse, USS Enterprise"}

Does it mean that Keycloak doesn't support mapping to the UserModel?


Thanks!
Eugene

On 14/7/2015 9:26 PM, Marek Posolda wrote:
> From looking at the code, it seems that we don't support mapping to 
> UserModel properties (ie. firstName, lastName, email) but just custom 
> attributes. Could you check your database if there is attribute 
> "lastName" in USER_ATTRIBUTE table for this user? If it's the case, 
> then it means that mapper added custom attribute "lastName" instead of 
> the java property "lastName" from user model . Then feel free to 
> create JIRA to support mapping to UserModel properties as well .
>
> Marek
>
> On 14.7.2015 13:19, Eugene Chow wrote:
>> Hi Marek,
>>
>> I managed to set up the logger. Thanks! This is the configuration to 
>> dump the userinfo JSON response in the log file and the console.
>>>         <subsystem xmlns="urn:jboss:domain:logging:3.0">
>>>             <console-handler name="CONSOLE">
>>>                 <level name="DEBUG"/>
>>>                 <formatter>
>>>                     <named-formatter name="COLOR-PATTERN"/>
>>>                 </formatter>
>>>             </console-handler>
>>>>>>             <logger category="org.keycloak.social.user_profile_dump">
>>>                 <level name="DEBUG"/>
>>>             </logger>
>>> ...
>>
>> I have another problem, which is to map the *userinfo* from the 
>> custom OpenID Connect backend. Upon login, it returns this JSON response:
>>> {"sub":"Christine 
>>> Chapel","name":"","position":"","preferred_username":"Christine 
>>> Chapel","address":"Nurse, USS Enterprise"}
>>
>> I’m trying to map *preferred_username* to the *Last Name* field. I 
>> tried to map this field, and also *sub* and *address*, but all 
>> without success:
>> *Name:* Fullname
>> *Mapper Type:* Attribute Importer
>> *Claim:* preferred_username
>> *User Attribute Name:* lastName
>>
>> Is there a specific *Claim* or *User Attribute Name* that I need to 
>> use for the mapping to work?
>>
>>
>> Cheers!
>>
>>> On 14 Jul 2015, at 14:59, Eugene Chow <eugene.chow.ct at gmail.com 
>>> <mailto:eugene.chow.ct at gmail.com>> wrote:
>>>
>>> Hi Marek,
>>>
>>> Thanks for the heads up. I’ll give it a shot.
>>>
>>> Eugene
>>>
>>>> On 14 Jul 2015, at 14:53, Marek Posolda <mposolda at redhat.com 
>>>> <mailto:mposolda at redhat.com>> wrote:
>>>>
>>>> Hi,
>>>>
>>>> do you have opportunity to upgrade to latest 1.3.1.Final? It seems 
>>>> that this logging was added in this version and is not yet 
>>>> available in 1.2.0.
>>>>
>>>> Marek
>>>>
>>>> On 14.7.2015 07:59, Eugene Chow wrote:
>>>>> Hi Stian/Marek,
>>>>>
>>>>> Can you please advise on the following? I used the instructions 
>>>>> from this page - 
>>>>> http://keycloak.github.io/docs/userguide/html/identity-broker.html#d4e1954. 
>>>>> I’m not sure if I have included it in the correct location as it 
>>>>> doesn’t work.
>>>>>
>>>>> I need this to debug the JSON response from a custom OpenID 
>>>>> Connect backend.
>>>>>
>>>>>
>>>>> Thanks a lot!
>>>>> Eugene
>>>>>
>>>>>> On 13 Jul 2015, at 17:20, Eugene Chow <eugene.chow.ct at gmail.com 
>>>>>> <mailto:eugene.chow.ct at gmail.com>> wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> i have a Keycloak 1.2.0 installation that authenticates against a 
>>>>>> custom OpenID Connect provider. I need to see the JSON response 
>>>>>> from the social provider. The documentation says to set 
>>>>>> org.keycloak.social.user_profile_dump to DEBUG.
>>>>>>
>>>>>> I’ve added the following to standalone.xml as such, but I don’t 
>>>>>> see any JSON output in the log. Is this configuration correct?
>>>>>>
>>>>>>    <profile>
>>>>>>        <subsystem xmlns="urn:jboss:domain:logging:2.0”>
>>>>>>            <logger category="org.keycloak.social.user_profile_dump">
>>>>>>                <level name="DEBUG"/>
>>>>>>            </logger>
>>>>>>>>>>>> ...
>>>>>>    </profile>
>>>>>>
>>>>>>
>>>>>> Thanks!
>>>>>> Eugene
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150714/6e322658/attachment-0001.html 


More information about the keycloak-user mailing list