[keycloak-user] OIDC Identity Provider userinfo parsing problem

Simon Buch Vogensen Simon.Vogensen at sos.eu
Mon Dec 10 05:02:53 EST 2018


Hi

We are using Keycloak 2.5.5 (Red Hat SSO 7.1) as an identity broker with Signicat.com as the OIDC identity provider.
When Keycloak requests userinfo from Signicat, the response does not parse correctly.

Here is an example response.

{"sub":"xxxxxxxxxxxxxx","name":"Simon Vogensen","signicat.national_id":"123412341234","given_name":"Simon","locale":"SV","family_name":"Vogensen"}

The problem is that the dot in the parameter name "signicat.national_id" conflicts with the JSON_PATH_DELIMITER in AbstractJsonUserAttributeMapper, resulting in the value not getting parsed at all.

The fix I have come up with would be a

currentNode = baseNode.get(fieldPath);

call after no node has been found. See line 206.

I guess this little problem does not qualify for a fix of 2.5.5 - and I don't want to patch our installation - so I guess my best option is to create a specific Signicat Identity Provider - and fix the response in there before sending it into Keycloak?

Is this problem fixed in newer versions of Keycloak?

Thanks in advance

Regards
Simon Buch Vogensen
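
The lookup problem described in the message above, as an added example that is not part of the original post and is not Keycloak's code. It is a simplified model of a dot-delimited attribute lookup plus the literal-key fallback the post proposes; the class and method names are hypothetical, and Jackson 2 (com.fasterxml.jackson.databind) is assumed to be on the classpath.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.regex.Pattern;

public class DottedClaimLookup {
    // Same delimiter character the post refers to as JSON_PATH_DELIMITER.
    static final String DELIM = ".";

    // Simplified model of a dot-delimited path walk (hypothetical helper).
    static String byPath(JsonNode node, String path) {
        for (String part : path.split(Pattern.quote(DELIM))) {
            if (node == null || !node.isObject()) return null;
            node = node.get(part.trim());
        }
        return scalar(node);
    }

    // Path walk first, then the fallback from the post: the whole string as one literal key.
    static String byPathThenLiteral(JsonNode base, String path) {
        String value = byPath(base, path);
        return value != null ? value : scalar(base.get(path));
    }

    // Only plain values are usable as user attributes; objects, arrays and JSON null are not.
    static String scalar(JsonNode n) {
        return (n != null && n.isValueNode() && !n.isNull()) ? n.asText() : null;
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper om = new ObjectMapper();
        // Userinfo response as quoted in the post.
        JsonNode userinfo = om.readTree("{\"sub\":\"xxxxxxxxxxxxxx\",\"name\":\"Simon Vogensen\","
            + "\"signicat.national_id\":\"123412341234\",\"given_name\":\"Simon\","
            + "\"locale\":\"SV\",\"family_name\":\"Vogensen\"}");
        String claim = "signicat.national_id";
        // The path walk looks for an object named "signicat", which this response does not have.
        System.out.println("path only:           " + byPath(userinfo, claim));
        // The fallback reads the key exactly as the identity provider sent it.
        System.out.println("path, then literal:  " + byPathThenLiteral(userinfo, claim));

        // Constructed input carrying both a nested and a literal form of the same name.
        JsonNode both = om.readTree("{\"a\":{\"b\":\"nested\"},\"a.b\":\"literal\"}");
        System.out.println("ambiguous input:     " + byPathThenLiteral(both, "a.b"));
    }
}
```

With a fallback like this, the order of the two lookups decides which value is mapped when a response contains both forms of a name, so that order should be fixed deliberately and covered by a test.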

