[keycloak-user] How read added mapper attribute from ldap?

Kevin Thorpe kevin.thorpe at p-i.net
Tue Jun 30 13:23:47 EDT 2015


Brilliant, thanks Marek. Compiling that at the moment and will properly
test the new functionality in the morning.



*Kevin Thorpe*
CTO

 <https://www.p-i.net/>    <https://twitter.com/@PI_150>

 www.p-i.net | @PI_150 <https://twitter.com/@PI_150>

 M: +44 (0)7425 160 368 | T: +44 (0)203 005 6750 | F: +44(0)207 730 2635
 150 Buckingham Palace Road, London, SW1W 9TR, UK


_____________________________

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and
delete this e-mail from your system. If you are not the intended recipient
you are notified that disclosing, copying, distributing or taking any
action in reliance on the contents of this information is strictly
prohibited.

*"SAVE PAPER - THINK BEFORE YOU PRINT!" *

On 30 June 2015 at 14:28, Marek Posolda <mposolda at redhat.com> wrote:

>  Hi Kevin,
>
> In the latest master there is support for multiple values of a user
> attribute mapped from LDAP. There is also a new switch "multivalued" in the
> admin console for the User attribute protocol mapper - when it's on, you will
> see all the values of the attribute in the id token (or access token) in your
> application.
>
> Also there is a switch "Always read value from LDAP" on the User attribute
> LDAP federation mapper. When it's on, the value of the attribute is always
> read from LDAP, even for users who were already added into the Keycloak DB
> before you created the LDAP mapper.
>
> I hope this will address the issues you mentioned below and in the
> previous mails last week.
>
> Please let me know if it works or if there are still some issues you're
> seeing.
>
> Thanks,
> Marek
>
>
> On 29.6.2015 14:22, Kevin Thorpe wrote:
>
> There are two mappings here
>
>  Firstly you need an attribute mapper in user federation. This maps an
> LDAP attribute to a Keycloak one.
> I don't think this works on existing users though. Try creating a new LDAP
> user and log in as that user to test this.
> Check the log. In my case it's at /var/log/wildfly/console.log but might
> have been moved there by one of our devs.
> Check USER_ATTRIBUTES table in the database. You should have a line for
> your new attribute for your new user.
> I know this doesn't work for multi-attribute values, e.g. we have an
> 'applications' attribute for which users will have several entries.
>
>  Secondly you need to map the user attribute you created above to the JWT
> token.
> This is under your client application definition.
> You need a 'user attribute' not 'property' mapper to map the new Keycloak
> user attribute to a value in the token(s).
> You also need to turn it on for either the id token or access token
> depending on where your client expects it.
>
>
> On 29 June 2015 at 13:02, Adam Daduev <daduev.ad at gmail.com> wrote:
>
>>  Hi.
>> I am trying to use the new feature of Keycloak 1.3.1. I added a new
>> attribute, like department, but I cannot get it in my web bean. I tried to
>> get the new attribute from KeycloakSecurityContext, but could not find it.
>> How can I get my newly added attribute?
>> Thanks!
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
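
An added example, not part of the original thread: a small Python helper for checking which token (id or access) actually carries a mapped LDAP attribute, and whether it arrived as a single value or as a list after turning on "multivalued". It assumes the token claim names match the attribute names mentioned in the thread ("department", "applications"); the tokens and their values are constructed, and the signature is deliberately not verified because the helper is only for inspecting mapper output.

```python
import base64
import json


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_sample_token(claims: dict) -> str:
    """Build a constructed token for the demo; the signature part is a dummy."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.c2lnbmF0dXJl"


def jwt_claims(token: str) -> dict:
    """Decode a compact JWT payload for inspection. The signature is NOT
    verified, so the result is only good for debugging mapper output."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def mapped_values(token: str, claim: str) -> list:
    """Normalise a mapped attribute: [] if absent, a list otherwise."""
    value = jwt_claims(token).get(claim)
    if value is None:
        return []
    return [str(v) for v in value] if isinstance(value, list) else [str(value)]


def locate_claim(id_token: str, access_token: str, claim: str) -> dict:
    """Show which token type the protocol mapper was switched on for."""
    return {"id_token": mapped_values(id_token, claim),
            "access_token": mapped_values(access_token, claim)}


# Constructed sample tokens (values invented for the demo).
SAMPLE_ID_TOKEN = make_sample_token({"sub": "u-1", "department": "sales"})
SAMPLE_ACCESS_TOKEN = make_sample_token(
    {"sub": "u-1", "applications": ["crm", "billing"]})

if __name__ == "__main__":
    for name in ("department", "applications", "missing"):
        print(name, locate_claim(SAMPLE_ID_TOKEN, SAMPLE_ACCESS_TOKEN, name))
```

An empty list for both tokens points back at the federation mapper or the USER_ATTRIBUTES row; a value in only one token points at the id token / access token switch on the client's protocol mapper.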