[keycloak-user] Realm wide custom id / access token claims.

Thomas Darimont thomas.darimont at googlemail.com
Fri Feb 5 07:59:03 EST 2016


Hello group,

In my user model I have a custom user attribute that I want to make
available to multiple
clients via the id / access token with just one definition. Is this already
possible somehow?

Currently one can define custom mappers for a single client via:
(In Admin Console) Realm -> Clients -> example-client -> Mappers -> create

There I can specify a new mapper of type "user attribute" where I can refer
to the actual user attribute, give it a "token claim name" (e.g.
"myattribute") and specify whether this should be included in the ID and /
or access token.

The user attribute in the token can then be accessed from within the client
via:
KeycloakSecurityContext:getIdToken().getOtherClaims().get("myattribute")

This approach however requires that I configure this for every client - for
which I already have 10 (trend: upwards)...
It would make things a lot easier if it were possible to specify those
mappers realm wide...

PS: I'm currently using Keycloak 1.9.0.CR1

Cheers,
Thomas