Keycloak retrieve custom attributes to KeycloakPrincipal

北海茫月 2020-11-28 21:31

In my REST service I can obtain the principal information after authentication using

KeycloakPrincipal kcPrincipal = (KeycloakPrincipal) servletRequest.getU         


        
2 Answers
  • 2020-11-28 22:06

    To add custom attributes you need to do three things:

    1. Add attributes to admin console
    2. Add claim mapping
    3. Access claims

    The first one is explained pretty well here: https://www.keycloak.org/docs/latest/server_admin/index.html#user-attributes

    Add claim mapping:

    1. Open the admin console of your realm.
    2. Go to Clients and open your client
    3. This only works for Settings > Access Type confidential or public (not bearer-only)
    4. Go to Mappers
    5. Create a mapping from your attribute to JSON
    6. Check "Add to ID token"

    Access claims:

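    import java.security.Principal;
    import java.util.Map;
    import org.keycloak.KeycloakPrincipal;
    import org.keycloak.KeycloakSecurityContext;
    import org.keycloak.representations.IDToken;

    // Inside the request-handling method:
    final Principal userPrincipal = httpRequest.getUserPrincipal();
    String yourClaim = null;

    if (userPrincipal instanceof KeycloakPrincipal) {

        KeycloakPrincipal<KeycloakSecurityContext> kp = (KeycloakPrincipal<KeycloakSecurityContext>) userPrincipal;
        IDToken token = kp.getKeycloakSecurityContext().getIdToken();

        // No ID token is available for bearer-only clients (see step 3 above)
        if (token != null) {
            // Claims added through client mappers end up in "other claims"
            Map<String, Object> otherClaims = token.getOtherClaims();

            if (otherClaims.containsKey("YOUR_CLAIM_KEY")) {
                yourClaim = String.valueOf(otherClaims.get("YOUR_CLAIM_KEY"));
            }
        }
    } else {
        throw new RuntimeException("Request principal is not a KeycloakPrincipal");
    }
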

    Hope this helps and fits your use case. I used this for a custom attribute I added with a custom theme.

  • 2020-11-28 22:21
    • Select Users > Lookup > click on ID > go to attributes tab > Add attribute > e.g.: phone > Save

    • Select Clients > click on Client ID > go to Mappers Tab > create mapper


    • Get custom attributes


    UPDATE

    • Add the 'phone' attribute on Group level, assign the user to that group, and you get the 'phone' attribute from group level for all users.

    • Go back to the mapper and update 'phone' with 'Aggregate attribute values = true' and 'Multivalued=true', and you get 'phone' as a list with both attributes from group and user level. If you keep 'Aggregate attribute values = false' or 'Multivalued=false', you get just one value, where the 'phone' attribute from the user will override the 'phone' attribute from the group (which makes sense).
