[keycloak-user] kcadm - adding a protocol-mapper
Jamie McDowell
jambo_mcd at yahoo.co.uk
Tue Jul 31 11:15:41 EDT 2018
Cheers Guys,
We have got this working by importing a json file with the settings.
I can look at creating a bug in regards to adding this via kcadm if this is definitely a bug?
Regards,
Jamie
On Tuesday, 31 July 2018, 08:11:52 BST, Matthias Kesternich <matthias.kesternich at moneymeets.com> wrote:
FWIW I have no problem creating mappers for 4.0.0 and 4.1.0. I use this:
kcadm.sh create clients/$CLIENT_ID/protocol-mappers/models -f - << 'EOF'
{
  "protocol": "openid-connect",
  "name": "scope",
  "protocolMapper": "oidc-script-based-protocol-mapper",
  "config": {
    "script": "somescript",
    "id.token.claim": false,
    "access.token.claim": true,
    "userinfo.token.claim": false,
    "multivalued": true,
    "claim.name": "myclaim",
    "jsonType.label": ""
  }
}
EOF
To me it seems the OP's JSON is invalid, as indicated by "handleUnexpectedToken".
Best,
-Matthias
On 31.07.18, 04:50, "keycloak-user-bounces at lists.jboss.org on behalf of Dmitry Telegin" <keycloak-user-bounces at lists.jboss.org on behalf of dt at acutus.pro> wrote:
Hi Jamie,
Seems like you've hit a bug. I can confirm this for KC 4.1.0. As a workaround I've tried to use JSON, but got an even stranger error:
Resource not found for url: http://localhost:8080/auth/admin/realms/master/clients/<id>/protocol-mappers/models
But that's exactly the URL the Admin Console makes HTTP POST to. I'd suggest that you file a bug in JIRA.
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro
On Fri, 2018-07-27 at 16:29 +0000, Jamie McDowell wrote:
> Hi,
>
> I am trying to add a client protocol-mapper, however when I try and run this I get an HTTP error - 500 Internal Server Error
> opt/jboss/keycloak/bin/kcadm.sh create clients/<id>/protocol-mappers/models \
>   -r demorealm \
>   -s protocol=openid-connect \
>   -s protocolMapper=oidc-usermodel-realm-mapper \
>   -s consentRequired=false \
>   -s config.claim.name=group_membership \
>   -s config.jsonType.label=String \
>   -s config.id.token.claim=true \
>   -s config.access.token.claim=true \
>   -s config.userinfo.token.claim=true \
>   -s config.multivalued=true \
>   -s name=Realm
> I can confirm that kcadm works as I have been able to create groups, LDAP mappers, realms etc...
> In the server.log I can see the below error when I run the above
> > ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-109) Uncaught server error: com.fasterxml.jackson.databind.JsonMappingException: Can notat [Source: io.undertow.servlet.spec.ServletInputStreamImpl at 55dee6f8; line: 1, column: 119] (through reference chain: org.keycloak.representations.idm.ProtocolMapperRepresentation["co
> >   at com.fasterxml.jackson.databind.JsonMappingException.from(JsonMappingException.java:270)
> >   at com.fasterxml.jackson.databind.DeserializationContext.reportMappingException(DeserializationContext.java:1234)
> >   at com.fasterxml.jackson.databind.DeserializationContext.handleUnexpectedToken(DeserializationContext.java:1122)
> >   at com.fasterxml.jackson.databind.DeserializationContext.handleUnexpectedToken(DeserializationContext.java:1075)
> >   at com.fasterxml.jackson.databind.deser.std.StringDeserializer.deserialize(StringDeserializer.java:60)
> Appreciate if anyone can advise on this (keycloak version is 3.4.3)
> Thanks Jamie
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
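An added example, not part of the thread and not Keycloak's own code: a pre-flight check for a protocol-mapper JSON file before it is handed to `kcadm.sh create ... -f`, the route the thread reports as working. It assumes, from the `StringDeserializer` frame in the quoted stack trace, that every `config` value must be a scalar, and that splitting a key on every dot (the hypothetical `expand_dotted`) is what produces a nested `config`; all function names and the sample data are constructed for illustration.

```python
import json

REQUIRED = ("name", "protocol", "protocolMapper")

# Constructed sample: a subset of the -s options quoted in the thread.
THREAD_PAIRS = [
    ("name", "Realm"),
    ("protocol", "openid-connect"),
    ("protocolMapper", "oidc-usermodel-realm-mapper"),
    ("config.claim.name", "group_membership"),
    ("config.jsonType.label", "String"),
    ("config.id.token.claim", "true"),
    ("config.multivalued", "true"),
]

def expand_dotted(pairs):
    """ASSUMPTION: treat every dot in a key as a path separator."""
    root = {}
    for key, value in pairs:
        *parents, leaf = key.split(".")
        node = root
        for part in parents:
            node = node.setdefault(part, {})
        node[leaf] = value
    return root

def flat_payload(pairs):
    """Only the leading 'config.' is a path step; the rest is the literal key."""
    payload = {"config": {}}
    for key, value in pairs:
        if key.startswith("config."):
            payload["config"][key[len("config."):]] = value
        else:
            payload[key] = value
    return payload

def check_mapper(payload):
    """Return a list of problems; an empty list means the shape is acceptable."""
    if not isinstance(payload, dict):
        return ["payload must be a JSON object"]
    problems = [f"missing or non-string field: {f}" for f in REQUIRED
                if not isinstance(payload.get(f), str) or not payload.get(f)]
    config = payload.get("config", {})
    if not isinstance(config, dict):
        return problems + ["config must be an object"]
    problems += [f"config[{k!r}] is a nested {type(v).__name__}, expected a scalar"
                 for k, v in config.items() if isinstance(v, (dict, list))]
    return problems

if __name__ == "__main__":
    for build in (expand_dotted, flat_payload):
        doc = build(THREAD_PAIRS)
        print(build.__name__, json.dumps(doc), check_mapper(doc), sep="\n  ")
```

Running the check on the file before import catches a nested `config` locally, instead of as a 500 from the server.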