[keycloak-user] OIDC claims are not mapped on first login
Rens Verhage
Rens.Verhage at topicus.nl
Thu Dec 7 16:32:49 EST 2017
Hmm, turns out it was a different problem entirely. By default, Keycloak requests the openid profile for the logged-in user. I had to explicitly add scopes profile and email to get the information I need. Why doesn’t Keycloak request profile and email by default? Seems like you can’t really do anything useful without at least profile scope?
Rens
On 7 Dec 2017, at 17:46, Rens Verhage <Rens.Verhage at topicus.nl> wrote:
I have configured an OIDC identity provider and added a few Attribute Importer mappers, such as (claim -> attribute):
preferred_username -> username
email -> email
However, on first login, Keycloak asks me to supply missing user information, including username and e-mail. Username is pre-filled with the sub-claim, everything else is empty.
Did I miss some additional config? I also have a hardcoded role which is working fine. Maybe I don’t have the properties right, but I can’t find a list of Keycloak user properties and how to access them through attribute mappers.
Rens
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
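The cause identified in the reply above, as an added diagnostic example that is not part of the original thread or of Keycloak's code: it compares the scopes in the authorization request with the claims in the ID token and reports, per mapper, why an attribute stays empty. The scope-to-claim table follows OpenID Connect Core 1.0 section 5.4; the IdP URL, client id, user values and unsigned sample tokens are constructed, and the function names are hypothetical.

```python
import base64
import json
from urllib.parse import urlparse, parse_qs

# Standard claims released per scope value (OpenID Connect Core 1.0, section 5.4).
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname", "gender",
                "preferred_username", "profile", "picture", "website", "birthdate",
                "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"}, "phone": {"phone_number", "phone_number_verified"},
}

def requested_scopes(auth_url):
    """Scope values sent in the authorization request to the upstream IdP."""
    return set(parse_qs(urlparse(auth_url).query).get("scope", [""])[0].split())

def jwt_claims(token):
    """Decode the payload for troubleshooting only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(auth_url, id_token, mappers):
    """Per claim -> attribute mapper, report whether and why the attribute stays empty."""
    scopes, claims = requested_scopes(auth_url), jwt_claims(id_token)
    report = {}
    for claim, attribute in mappers.items():
        needed = next((s for s, c in SCOPE_CLAIMS.items() if claim in c), None)
        if claim in claims:
            report[attribute] = "ok"
        elif needed and needed not in scopes:
            report[attribute] = f"missing: scope '{needed}' not requested"
        else:
            report[attribute] = f"missing: IdP did not release '{claim}'"
    return report

def sample_token(claims):  # hypothetical helper: builds a constructed, unsigned ID token
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), ""])

# Constructed sample data: hypothetical IdP host, client id and user.
MAPPERS = {"preferred_username": "username", "email": "email"}
URL_DEFAULT = "https://idp.example/authorize?client_id=kc&response_type=code&scope=openid"
URL_FIXED = URL_DEFAULT + "+profile+email"
TOKEN_DEFAULT = sample_token({"sub": "f3a1"})
TOKEN_FIXED = sample_token({"sub": "f3a1", "preferred_username": "jdoe", "email": "jdoe@example.org"})

if __name__ == "__main__":
    print(diagnose(URL_DEFAULT, TOKEN_DEFAULT, MAPPERS), diagnose(URL_FIXED, TOKEN_FIXED, MAPPERS))
```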