[keycloak-user] kcadm - adding a protocol-mapper

Dmitry Telegin dt at acutus.pro
Wed Aug 1 20:45:50 EDT 2018 

Hi,

My bad, I've used incorrect JSON, thanks Matthias for pointing out that JSON indeed does work.

On Tue, 2018-07-31 at 15:15 +0000, Jamie McDowell wrote:
> Cheers Guys,
> 
> We have got this working by importing a json file with the settings. 
> 
> I can look at creating a bug in regards to adding this via kcadm if this is definitely a bug?

Well, JSON is successfully consumed by kcadm, but its exact CLI equivalent is not, definitely seems like a bug to me. So feel free to file it in JIRA.

Good luck!
Dmitry

> 
> 
> Regards,
> 
> Jamie
> 
> 
> On Tuesday, 31 July 2018, 08:11:52 BST, Matthias Kesternich <matthias.kesternich at moneymeets.com> wrote:
> 
> 
> FWIW I have no problem creating mappers for 4.0.0 and 4.1.0. I use this:
> 
> 
> 
> kcadm.sh create clients/$CLIENT_ID/protocol-mappers/models -f - << 'EOF'
> 
> {
> 
>   "protocol": "openid-connect",
> 
>   "name": "scope",
> 
>   "protocolMapper": "oidc-script-based-protocol-mapper",
> 
>   "config": {
> 
>     "script": "somescript",
> 
>     "id.token.claim": false,
> 
>     "access.token.claim": true,
> 
>     "userinfo.token.claim": false,
> 
>     "multivalued": true,
> 
>     "claim.name": "myclaim",
> 
>     "jsonType.label": ""
> 
>   }
> 
> }
> 
> EOF
> 
> 
> 
> To me it seems the OPs json is invalid as indicated by "handleUnexpectedToken".
> 
> 
> 
> Best,
> 
> -Matthias
> 
> 
> 
> > > > Am 31.07.18, 04:50 schrieb "keycloak-user-bounces at lists.jboss.org im Auftrag von Dmitry Telegin" <keycloak-user-bounces at lists.jboss.org im Auftrag von dt at acutus.pro>:
> 
> 
> 
>     Hi Jamie,
> 
>     
> 
>     Seems like you've hit a bug. I can confirm this for KC 4.1.0. As a workaround I've tried to use JSON, but got even stranger error:
> 
>     
> 
>     Resource not found for url: http://localhost:8080/auth/admin/realms/master/clients/<id>/protocol-mappers/models
> 
>     
> 
>     But that's exactly the URL the Admin Console makes HTTP POST to. I'd suggest that you file a bug in JIRA.
> 
>     
> 
>     Cheers,
> 
>     Dmitry Telegin
> 
>     CTO, Acutus s.r.o.
> 
>     Keycloak Consulting and Training
> 
>     
> 
>     Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> 
>     +42 (022) 888-30-71
> 
>     E-mail: info at acutus.pro
> 
>     
> 
>     On Fri, 2018-07-27 at 16:29 +0000, Jamie McDowell wrote:
> 
>     > Hi,
> 
>     > 
> 
>     > I am trying to add a client protocol-mapper however when i try and run this i get a HTTP error - 500 Internal Server Error
> 
>     > opt/jboss/keycloak/bin/kcadm.sh create \clients/<id>/protocol-mappers/models \-r demorealm \-s protocol=openid-connect \-s protocolMapper=oidc-usermodel-realm-mapper \-s consentRequired=false \-s config.claim.name=group_membership \-s config.jsonType.label=String \-s config.id.token.claim=true \-s config.access.token.claim=true \-s config.userinfo.token.claim=true \-s config.multivalued=true \-s name=Realm \
> 
>     > I can confirm that kcadm works as i have been able to create groups, LDAP mappers, realms etc...
> 
>     > In the server.log i can see the below error when i run the above
> 
> >     > > ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-109) Uncaught server error: com.fasterxml.jackson.databind.JsonMappingException: Can notat [Source: io.undertow.servlet.spec.ServletInputStreamImpl at 55dee6f8; line: 1, column: 119] (through reference chain: org.keycloak.representations.idm.ProtocolMapperRepresentation["co      at com.fasterxml.jackson.databind.JsonMappingException.from(JsonMappingException.java:270)                                                                                            at com.fasterxml.jackson.databind.DeserializationContext.reportMappingException(DeserializationContext.java:1234)                                                                    at com.fasterxml.jackson.databind.DeserializationContext.handleUnexpectedToken(DeserializationContext.java:1122)                                                                      at com.fasterxml.jackson.databind.DeserializationContext.handleUnexpectedToken(DeserializationContext.java:1075)                                                                      at com.fasterxml.jackson.databind.deser.std.StringDeserializer.deserialize(StringDeserializer.java:60)
> 
>     > Appreciate if anyone can advise on this (keycloak version is 3.4.3)
> 
>     > Thanks Jamie  
> 
>     > _______________________________________________
> 
>     > keycloak-user mailing list
> 
>     > keycloak-user at lists.jboss.org
> 
>     > https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
> 
>     
> 
>     _______________________________________________
> 
>     keycloak-user mailing list
> 
>     keycloak-user at lists.jboss.org
> 
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
>

More information about the keycloak-user mailing list