Keycloak create a custom identity provider mapper

2

2

I have an OpenID provider and I use this provider as an identity broker for Keycloak. I want to map roles (claims) which are sent from the broker to Keycloak (and Keycloak will send the mapped roles in its JWT). I want to know how to implement and add a custom mapper to Keycloak (like hardcodedmapper, attributemapper in Keycloak). Can I do this? Thanks

Galliwasp answered 5/10, 2017 at 22:0 Comment(8)
Possible duplicate of Keycloak custom OpenID Connect Identity Provider mapper – Since
Please do not post questions twice. You can edit your question or whatever; if you find it takes long to be answered, ask on the Keycloak user mailing list. – Since
Does anyone have a solution or suggestion for this? – Galliwasp
Use a custom mapper that accesses your service and retrieves the extra info using REST API, DB connection or similar. Then add the info to your token before it gets encoded, in initToken or a similar method in your custom mapper. – Since
@Xtreme Biker thanks for the answer. Custom mapper means the identity provider mapper on Keycloak, doesn't it? How can I implement and add a custom mapper to Keycloak? – Galliwasp
Yes, it is. You've got a bunch of examples here: github.com/keycloak/keycloak/tree/master/services/src/main/java/… – Since
@Xtreme Biker yes, I saw this source code and I will implement a mapper like that, but how can I add (import) this custom mapper to Keycloak as a mapper type? – Galliwasp
Is there no one who can explain how to add or import a custom mapper implementation to the Keycloak app? – Galliwasp
8

Create your new provider class; I extended the existing org.keycloak.broker.saml.mappers.AttributeToRoleMapper class.

When building your jar, ensure you have a folder called services within the jar's META-INF folder.

Within this folder create a simple text file called org.keycloak.broker.provider.IdentityProviderMapper; within that file add the full name of your new provider class, i.e. package.Classname.

Once compiled, drop the file in the providers folder below the Keycloak root folder. Restart your container.

Sixth answered 30/1, 2018 at 16:3 Comment(1)
Hello, thanks for your answer. Is there an example code block or a sample provider class (and/or project)? First, I will create a Java library and extend the "org.keycloak.broker.saml.mappers.AttributeToRoleMapper" class, then I will build it and drop it into keycloak_root/provider. Am I right? I do not understand clearly; please explain this sentence: "When building your jar ensure you have a folder called services within the jars, META-INF folder." – Galliwasp
5

I had to do something slightly different in order to get my custom mapper working with the latest version of Keycloak (4.8 at time of writing this):

  • Created a custom mapper that extends AbstractOIDCProtocolMapper:

    package com.test;
    
    import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
    
    public class MyTestMapper extends AbstractOIDCProtocolMapper {
        ...
    }
    
  • In src/main/resources, create a folder structure META-INF/services

  • Create a file called org.keycloak.protocol.ProtocolMapper in META-INF/services directory. Its contents should be just one line containing the fully qualified class name of your custom mapper:

    com.test.MyTestMapper
    
  • Under the META-INF folder in src/main/resources (one up from services), create a file called jboss-deployment-structure.xml. Depending on what you're doing, you will need to add the appropriate JBoss modules here. For my simple test mapper, I used:

    <?xml version="1.0" encoding="UTF-8"?>
    <jboss-deployment-structure>
        <deployment>
            <dependencies>
                <module name="org.keycloak.keycloak-services" />
            </dependencies>
        </deployment>
    </jboss-deployment-structure>
    
Aftershock answered 4/1, 2019 at 8:36 Comment(2)
I'm doing something similar; where are you dropping your jar? I can't get it to show up in Keycloak even though, when I check standalone/deployments, my jar shows as deployed. – Brushwood
Your jar should go in /opt/jboss/keycloak/standalone/deployments/yourcode.jar – Aftershock
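
A packaging check for the jar that both answers above describe, as an added example that is not part of the original posts or of Keycloak: it confirms that one of the two service descriptor files named in the answers sits under META-INF/services and that every class it lists is actually in the jar. The function names and the sample jar contents are constructed for illustration.

```python
import io
import zipfile

# Service descriptor names taken from the two answers above.
SPI_FILES = (
    "META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper",
    "META-INF/services/org.keycloak.protocol.ProtocolMapper",
)

def check_provider_jar(jar):
    """Return a list of packaging problems in the jar (path or file object)."""
    problems = []
    with zipfile.ZipFile(jar) as zf:
        names = set(zf.namelist())
        found = [f for f in SPI_FILES if f in names]
        if not found:
            problems.append("no mapper descriptor under META-INF/services/")
        for descriptor in found:
            lines = zf.read(descriptor).decode("utf-8").splitlines()
            # Java ServiceLoader format: one class per line, '#' starts a comment.
            classes = [ln.split("#", 1)[0].strip() for ln in lines]
            classes = [c for c in classes if c]
            if not classes:
                problems.append(f"{descriptor} lists no class")
            for cls in classes:
                entry = cls.replace(".", "/") + ".class"
                if entry not in names:
                    problems.append(
                        f"{descriptor} names {cls} but {entry} is not in the jar")
    return problems

def build_sample_jar(entries):
    """Build an in-memory jar from {path: bytes}; constructed sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in entries.items():
            zf.writestr(path, data)
    return buf

if __name__ == "__main__":
    cls = {"com/test/MyTestMapper.class": b"\xca\xfe\xba\xbe"}  # placeholder bytes
    good = build_sample_jar({SPI_FILES[1]: b"com.test.MyTestMapper\n", **cls})
    # Descriptor placed in 'services/' instead of 'META-INF/services/'.
    bad = build_sample_jar(
        {"services/org.keycloak.protocol.ProtocolMapper": b"com.test.MyTestMapper\n", **cls})
    for label, jar in (("good", good), ("bad", bad)):
        print(label, check_provider_jar(jar))
```

An empty list means the descriptor and the classes it names are where the Java service loader looks for them; it does not check the jboss-deployment-structure.xml dependencies.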
