Question
I've followed the guide at [1] to map a single user attribute. However, I need to map all attributes to an array, so that every attribute for a particular User shows up in an attribute array of the access token (Or better, restrict attributes to a certain group of attributes, but I guess user attributes are only a flat key/value map).
I tried out setting a wildcard * in the User Attribute field of the client mapper. But no matter what I do, I can only set one attribute at a time given an actual attribute key of a user's attribute map.
[1] Keycloak retrieve custom attributes to KeycloakPrincipal
Answer 1:
I was in trouble with the same problem.
I have tried the following:
- Added a key "department" with a single value for example "finance". Adding a second key "department" with another value "development" overwrites the initial entry.
- I also have tried to put something like a list into the value column, such as "development, finance" or "development; finance" but this is treated as a single value too.
If you use "development##finance" in admin console, the user will have "department" attribute with 2 values "development" and "finance".
The "##" seems to be the delimiter to use.
So, if you mark the "multivalued" switch in your protocolMapper for the "department" attribute, the accessToken will contain a list with 2 values, "development" and "finance".
"department": [ "development", "finance" ]
This worked for me.
Keycloak version 11.0.2
Answer 2:
You can write your own Keycloak extension. One solution would be to write a custom Authenticator where you can: filter user attributes -> join attribute values -> write the resulting JSON array as a user session note.
Then add a Client Mapper which maps this session note into a single claim.
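
A sketch of the Authenticator approach from Answer 2, added here as an example and not part of either answer or of Keycloak itself. The class name, package, the `claim.` prefix and the note name are assumptions, and it stores a JSON object keyed by attribute name rather than a flat array so the token keeps the attribute names:

```java
package example.keycloak; // hypothetical package name

import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.util.JsonSerialization;

public class AttributeNoteAuthenticator implements Authenticator {
    // Assumptions: only attributes carrying this prefix are exposed,
    // and the session note name is an arbitrary choice.
    static final String PREFIX = "claim.";
    static final String NOTE = "filtered_attributes";

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        Map<String, List<String>> exposed = new TreeMap<>();
        // Allow-list by prefix so unrelated attributes never reach the token.
        context.getUser().getAttributes().forEach((key, values) -> {
            if (key.startsWith(PREFIX)) {
                exposed.put(key.substring(PREFIX.length()), values);
            }
        });
        try {
            // Session notes are plain strings, so the filtered map is stored as JSON text.
            context.getAuthenticationSession()
                   .setUserSessionNote(NOTE, JsonSerialization.writeValueAsString(exposed));
        } catch (IOException e) {
            throw new IllegalStateException("cannot serialize user attributes", e);
        }
        context.success();
    }

    // This step never prompts the user, so there is nothing to handle on form submit.
    @Override public void action(AuthenticationFlowContext context) { }
    // Must run after the user has been identified in the flow.
    @Override public boolean requiresUser() { return true; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

Deploying it also needs an `AuthenticatorFactory` and the provider registration file, and the execution has to sit in the authentication flow after the step that identifies the user. A User Session Note client mapper pointing at `filtered_attributes` then puts the note into one claim, so only the allow-listed attributes are disclosed to the client.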
Source: https://stackoverflow.com/questions/60767085/keycloak-map-multiple-user-attributes