[keycloak-user] retrieving custom user attributes

Arjan Lamers a.lamers at first8.nl
Fri Oct 9 08:59:47 EDT 2015


Thanks for your feedback. I’ve been doing some more testing and now I am unable to reproduce it: otherClaims is being filled in now. Must have been some missing checkmark in the Mapper. 

Arjan Lamers

> On 05-10-2015, at 15:01, Sebastian Rose <sebastian.rose at aoe.com> wrote:
> Hi,
> for me this works fine. You have to add a Mapping of Kind 'User Attribute' (Mapper Type) within Clients -> <Choose your client> -> 'Mappers'. 
> Best Regards,
> Sebastian
> Von: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] Im Auftrag von Arjan Lamers
> Gesendet: Donnerstag, 1. Oktober 2015 16:18
> An: keycloak-user at lists.jboss.org
> Betreff: Re: [keycloak-user] retrieving custom user attributes
> Hi,
> Well, as far as I can see, the unmarshalled AccessToken does not contain any custom attributes. I would expect something like a Map<String,Object> where you can access additional attributes.
> Just to be clear: the custom attribute I configured does appear in the JWT token, I am simply searching for an easy way to access them from Java. 
> There is an 'otherClaims' in the JsonWebToken, should they appear there? (They don't).
> Kind regards,
> Arjan Lamers
> What do you want for an interface?  KeycloakSecurityContext has the
> unmarshalled IDToken and AccessToken.
> KeycloakPrincipal.getKeycloakSecurityContext().getToken()
> On 9/30/2015 11:12 AM, Arjan Lamers wrote:
> > Hi,
> >
> > I am trying to find an easy way to access custom attributes as defined
> > for a client. For a Keycloak client, I?ve defined a new Mapper for a
> > /user attribute/ to store some additional authorisation data. This then
> > is managed by some user domain that uses the keycloak-admin-client to
> > write that property.
> >
> > The problem arises when I want to access that property in an JEE
> > application.The way I do it right now to use the KeycloakPrincipal found
> > in the javax.ejb.SessionContext. From there, I get the JWT token as a
> > String, deserialize the JSON and access the custom attribute from there.
> > This feels like a very roundabout way to get to the token but somehow I
> > am not able to find an easier way. Is it a missing feature or is it
> > simply too close to the weekend for me ;)?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151009/7a7abc94/attachment.html 

More information about the keycloak-user mailing list