[keycloak-user] Mapping a user attribute to a custom claim

Paolo Tedesco Paolo.Tedesco at cern.ch
Fri Mar 16 11:20:42 EDT 2018


I tried this in standalone.xml, but nothing gets logged:

        <subsystem xmlns="urn:jboss:domain:logging:3.0">
            <console-handler name="CONSOLE">
                <level name="DEBUG"/>
                <formatter>
                    <named-formatter name="COLOR-PATTERN"/>
                </formatter>
            </console-handler>
            <periodic-rotating-file-handler name="FILE" autoflush="true">
                <level name="DEBUG"/>
                <formatter>
                    <named-formatter name="PATTERN"/>
                </formatter>
                <file relative-to="jboss.server.log.dir" path="server.log"/>
                <suffix value=".yyyy-MM-dd"/>
                <append value="true"/>
            </periodic-rotating-file-handler>
            <logger category="org.keycloak.social.user_profile_dump">
                <level name="DEBUG"/>
            </logger>

Then I restart the service and
tail -f /opt/keycloak/standalone/log/server.log
but when I authenticate with Google I don't see anything in the logs.

Am I doing something wrong?

From: Simon Payne <simonpayne58 at gmail.com>
Sent: Friday, 16 March, 2018 16:02
To: Paolo Tedesco <Paolo.Tedesco at cern.ch>
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Mapping a user attribute to a custom claim

You can enable the DEBUG level logger org.keycloak.social.user_profile_dump in the standalone-ha.xml

http://www.keycloak.org/docs/latest/server_admin/index.html#_mappers

On Fri, Mar 16, 2018 at 2:41 PM, Paolo Tedesco <Paolo.Tedesco at cern.ch> wrote:
Hi all,
I've configured Google and Github as Identity Providers.
I would like to have one of the user attributes, the email, mapped to a custom claim, called "userPrincipalName".

I tried creating an Attribute Importer mapper, with
Social Profile JSON Field Path = emailaddress
User Attribute Name = userPrincipalName
but this does not seem to work.

Is there a way to log the JSON token obtained from the identity provider, so that I can have an idea of what should go in the "Social Profile JSON Field Path" field?

Thanks,
Paolo
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
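
Added example (not part of the original thread and not Keycloak's code): once the identity provider's profile JSON has been dumped to the log, a short script can list every path that could go in "Social Profile JSON Field Path" and check a candidate such as `emailaddress`. It assumes the mapper's path syntax is dot notation for nesting and `[n]` for array indexes; the profile below is constructed, not a captured provider response, and the function names are hypothetical.

```python
import json
import re

# Constructed sample profile, NOT a captured provider response.
SAMPLE_PROFILE = json.loads("""
{
  "id": "1234567890",
  "email": "jane.doe@example.org",
  "name": {"givenName": "Jane", "familyName": "Doe"},
  "emails": [{"value": "jane.doe@example.org", "type": "account"}]
}
""")

# Assumed path syntax: object keys separated by dots, array indexes as [n].
_TOKEN = re.compile(r"([^.\[\]]+)|\[(\d+)\]")

def resolve(profile, path):
    """Return the value at `path`, or None when any step is missing."""
    node = profile
    for key, index in _TOKEN.findall(path):
        if key:
            if not isinstance(node, dict) or key not in node:
                return None
            node = node[key]
        else:
            i = int(index)
            if not isinstance(node, list) or i >= len(node):
                return None
            node = node[i]
    return node

def leaf_paths(node, prefix=""):
    """Yield (path, value) for every scalar, i.e. every usable mapper path."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from leaf_paths(value, f"{prefix}.{key}" if prefix else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from leaf_paths(value, f"{prefix}[{i}]")
    else:
        yield prefix, node

if __name__ == "__main__":
    for path, value in leaf_paths(SAMPLE_PROFILE):
        print(f"{path} = {value!r}")
    print("emailaddress ->", resolve(SAMPLE_PROFILE, "emailaddress"))
```

A path that resolves to `None` here would leave the user attribute unset, so the custom claim built from it would be empty as well.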


