I'm trying to map a realm-role attribute to a JWT token in Keycloak using a client mapper. The idea is to assign certain default attributes to roles, and the users that belong to the roles should inherit the attributes as well.

For instance, I have a realm-role called `web-master` and set a role attribute called `role-name` to 'Web master'. I would like to see in my JWT token something like this: `{... role_name: 'Web master' ...}`.

I tried to use a token mapper and set the User Attribute field to `role-name` and the Token Claim Name to `role_name`, but it did not work.

I also tried with `roleMappings['web-master'].attributes['role-name']` as User Attribute, since the name maps to the UserModel, but that also didn't work.

I'm running out of options. Is a Script mapper the only possibility, or is there an easier one?

atavio
  • Refer to this SO post: https://stackoverflow.com/a/56485720/2458858 – tryingToLearn Jul 03 '20 at 05:09
  • Thanks @tryingToLearn, I already checked those... A script mapper should work even if it is a bit cumbersome... maybe somebody knows an easier way. – atavio Jul 03 '20 at 09:53
  • If you find an alternate solution, do post it as an answer as I could not find any other way to do it either. – tryingToLearn Jul 07 '20 at 08:41
  • In fact put any solution that you followed and which worked. Will be helpful for people who land on your post. – tryingToLearn Jul 07 '20 at 08:42
  • I still haven't implemented the solution. Now the project focus changed and I work on other things. Hopefully sometime in the near future I'll have the chance to work on that and then I'll publish my solution here. – atavio Aug 05 '20 at 15:40
  • @atavio Did you manage to figure out a solution here? I'm trying to figure something out too but coming up empty! – HyperionX Jun 16 '21 at 12:27
  • @HyperionX no, sorry. As mentioned before I'm not working on that anymore. Still it would be interesting to know if there is a solution for this or if it is not possible/easy to do because it is not the right approach with keycloak. – atavio Jun 16 '21 at 15:25
  • @HyperionX this is a solution using a script mapper: https://stackoverflow.com/questions/68352004/aggregate-attributes-of-roles-in-claims-using-keycloak-script-mapper. Just remove the `currentClaims[k] = v;` line and attributes from roles are added to the token (but not aggregated if there are two roles with same attribute). – user2609980 Jul 15 '21 at 15:02

0 Answers