[keycloak-user] Realm wide custom id / access token claims.
Bill Burke
bburke at redhat.com
Fri Feb 5 09:05:30 EST 2016
See ClientTemplates
On 2/5/2016 7:59 AM, Thomas Darimont wrote:
> Hello group,
>
> In my user model I have a custom user attribute that I want to make
> available to multiple
> clients via the id / access token with just one definition. Is this
> already possible somehow?
>
> Currently one can define custom mappers for a single client via:
> (In Admin Console) Realm -> Clients -> example-client -> Mappers -> create
>
> There I can specify a new mapper of type "user attribute" where I can
> refer to the actual user attribute, give it a "token claim name" (e.g.
> "myattribute") and specify whether this should be included in the ID
> and / or access token.
>
> The user attribute in the token can then be accessed from within the
> client via:
> KeycloakSecurityContext:getIdToken().getOtherClaims().get("myattribute")
>
> This apporach however requires that I configure this for every client
> - for which I already have 10 (trend: upwards)...
> It would make thinks a lot easier if it were possible to specify those
> mappers realm wide...
>
> PS: I'm currently using Keycloak 1.9.0.CR1
>
> Cheers,
> Thomas
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160205/7024b2a6/attachment.html
More information about the keycloak-user
mailing list