Adding protocol mapper for user attribute using kcadm


Pritha Srivastava

Jun 11, 2021, 2:56:04 AM
to Keycloak User
Hi All,

I am trying to add a protocol mapper using kcadm for a test user attribute. I have done the following:

1. Logged in as an admin user

./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password admin

2. Create a test user, with attribute 'test'

./kcadm.sh create users -s username=testuser1 -s enabled=true -s 'attributes.test=test' -r master

3. Create a protocol mapper for attribute 'test' to a client with id 'app-jsp'

./kcadm.sh create clients/app-jsp/protocol-mappers/models -f - << 'EOF'
{
  "protocol":"openid-connect",
  "name": "test",
  "protocolMapper": "oidc-usermodel-attribute-mapper",
  "config": {
    "user.attribute":"test",
    "claim.name":"test",
    "jsonType.label": "",
    "access.token.claim": true,
    "userinfo.token.claim": false,
    "multivalued": true
  }
}
EOF


The client with client-id 'app-jsp' is present under the 'master' realm.

Thanks,
Pritha

Pritha Srivastava

Jun 16, 2021, 12:59:49 PM
to Keycloak User
Hi All,

Can anyone please help me with this?

Thanks,
Pritha

Edwin Steiner

Jun 17, 2021, 8:32:16 AM
to Keycloak User
Hello Pritha

When creating a protocol mapper you have to specify the client in the URL (clients/$CLIENT_ID/protocol-mappers/models) by its "id" field and not its "clientId" ("app-jsp" in your example).
You can get the "id" easily from the "clientId" with:

kcadm.sh get clients -r ${REALM} --fields id,clientId | jq '.[] | select(.clientId==("'${CLIENT_ID}'")) | .id'

Have a look at our tutorials at https://keycloak.ch for configuring Keycloak with the CLI.

Regards,
Edwin
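
The lookup-then-create sequence from the reply above, as an added example that is not part of Edwin's message or of Keycloak's own tooling. The `KCADM` variable and both function names are assumptions, and the lookup uses kcadm's `-q clientId=...` query filter with CSV output in place of `jq`.

```shell
#!/bin/sh
# Added example. KCADM, client_uuid and add_attribute_mapper are assumed names.
KCADM="${KCADM:-./kcadm.sh}"   # path to kcadm.sh, already logged in via "config credentials"

# Print the internal "id" of the client whose clientId is $2 in realm $1.
# Fails unless exactly one client matches, so a typo never targets another client.
client_uuid() {
    realm=$1 client_id=$2
    ids=$("$KCADM" get clients -r "$realm" -q "clientId=$client_id" \
            --fields id --format csv --noquotes) || return 1
    count=$(printf '%s\n' "$ids" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected 1 client with clientId '$client_id' in '$realm', found $count" >&2
        return 1
    fi
    printf '%s\n' "$ids"
}

# Map user attribute $3 to an access-token claim of the same name on client $2.
add_attribute_mapper() {
    realm=$1 client_id=$2 attr=$3
    # The name is pasted into the JSON below, so accept only plain identifiers.
    case $attr in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid attribute name: $attr" >&2; return 1 ;;
    esac
    uuid=$(client_uuid "$realm" "$client_id") || return 1
    # Mapper config is a string-to-string map, so the flags are sent as strings.
    "$KCADM" create "clients/$uuid/protocol-mappers/models" -r "$realm" -f - <<EOF
{
  "protocol": "openid-connect",
  "name": "$attr",
  "protocolMapper": "oidc-usermodel-attribute-mapper",
  "config": {
    "user.attribute": "$attr",
    "claim.name": "$attr",
    "jsonType.label": "",
    "access.token.claim": "true",
    "userinfo.token.claim": "false",
    "multivalued": "true"
  }
}
EOF
}

# Usage: add_attribute_mapper master app-jsp test
```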

Pritha Srivastava

Jun 18, 2021, 12:45:18 PM
to Edwin Steiner, Keycloak User
Hi Edwin,

Thank you for your response. This worked!

Regards,
Pritha
