I have an OpenID provider and I use this provider as an identity broker of Keycloak. I want to map roles (claims) which are sent from the broker to Keycloak (and Keycloak will send the mapped roles in its JWT). I want to know how to implement and add a custom mapper to Keycloak (like HardcodedMapper, AttributeMapper in Keycloak). Can I do this? Thanks
2 Answers
Create your new provider class. I extended the existing org.keycloak.broker.saml.mappers.AttributeToRoleMapper class.

When building your jar ensure you have a folder called services within the jar's META-INF folder. Within this folder create a simple text file called org.keycloak.broker.provider.IdentityProviderMapper; within that file add the full name of your new provider class, i.e. package.Classname.

Once compiled drop the file in the providers folder below the Keycloak root folder. Restart your container.
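The approach in this answer applied to the OIDC broker the question asks about, as an added example that is not code from the answer or from Keycloak itself: the mapper grants a Keycloak role when a named claim in the brokered token has the configured value, and removes the role again on a later login if the claim is no longer sent. The package name, mapper id, display strings and the example claim/role values are assumptions; it is written against the Keycloak 4.x broker SPI the answers describe (later releases added sync-mode methods to this interface), and it is registered through the META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper file described above.

```java
package com.example.broker; // hypothetical package; list com.example.broker.ClaimValueToRoleMapper in the services file
import java.util.ArrayList;
import java.util.List;
import org.keycloak.broker.oidc.KeycloakOIDCIdentityProviderFactory;
import org.keycloak.broker.oidc.OIDCIdentityProviderFactory;
import org.keycloak.broker.oidc.mappers.AbstractClaimMapper;
import org.keycloak.broker.provider.*;
import org.keycloak.models.*;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.provider.ProviderConfigProperty;
// Grants a Keycloak role when a claim from the brokered OIDC token carries an expected value.
public class ClaimValueToRoleMapper extends AbstractClaimMapper {
    public static final String PROVIDER_ID = "example-claim-value-to-role", ROLE = "role"; // hypothetical id
    private static final List<ProviderConfigProperty> CONFIG = new ArrayList<>();
    static { // CLAIM and CLAIM_VALUE are the config keys inherited from AbstractClaimMapper
        CONFIG.add(prop(CLAIM, "Claim", "Claim name in the broker's ID token or userinfo, e.g. groups"));
        CONFIG.add(prop(CLAIM_VALUE, "Claim value", "Value the claim must equal (or contain) to grant the role"));
        CONFIG.add(prop(ROLE, "Role", "Realm role name, or clientId.roleName for a client role"));
    }
    private static ProviderConfigProperty prop(String name, String label, String help) {
        ProviderConfigProperty p = new ProviderConfigProperty();
        p.setName(name); p.setLabel(label); p.setHelpText(help); p.setType(ProviderConfigProperty.STRING_TYPE);
        return p;
    }
    @Override public String[] getCompatibleProviders() { return new String[]{KeycloakOIDCIdentityProviderFactory.PROVIDER_ID, OIDCIdentityProviderFactory.PROVIDER_ID}; }
    @Override public String getDisplayCategory() { return "Role Importer"; }
    @Override public String getDisplayType() { return "Claim Value to Role (example)"; }
    @Override public String getHelpText() { return "Grant a role when the broker's claim has the configured value."; }
    @Override public List<ProviderConfigProperty> getConfigProperties() { return CONFIG; }
    @Override public String getId() { return PROVIDER_ID; }
    // Runs when the broker first creates the local user: grant the role only if the claim matches.
    @Override public void importNewUser(KeycloakSession s, RealmModel realm, UserModel user, IdentityProviderMapperModel m, BrokeredIdentityContext ctx) {
        if (claimMatches(m, ctx)) user.grantRole(lookupRole(realm, m));
    }
    // Runs on every later brokered login: re-evaluate, so a claim the broker no longer sends also revokes the role.
    @Override public void updateBrokeredUser(KeycloakSession s, RealmModel realm, UserModel user, IdentityProviderMapperModel m, BrokeredIdentityContext ctx) {
        RoleModel role = lookupRole(realm, m);
        if (claimMatches(m, ctx)) user.grantRole(role); else user.deleteRoleMapping(role);
    }
    // Exact match for scalar claims; membership test for array claims such as "groups": ["admins", "dev"].
    private boolean claimMatches(IdentityProviderMapperModel m, BrokeredIdentityContext ctx) {
        Object value = getClaimValue(ctx, m.getConfig().get(CLAIM)); // searches access token, ID token, then userinfo
        String wanted = m.getConfig().get(CLAIM_VALUE); if (wanted == null || value == null) return false;
        if (value instanceof List) return ((List<?>) value).stream().anyMatch(v -> wanted.equals(String.valueOf(v)));
        return wanted.equals(String.valueOf(value));
    }
    private static RoleModel lookupRole(RealmModel realm, IdentityProviderMapperModel m) {
        RoleModel role = KeycloakModelUtils.getRoleFromString(realm, m.getConfig().get(ROLE)); // null if misconfigured
        if (role == null) throw new IdentityBrokerException("Role not found: " + m.getConfig().get(ROLE));
        return role;
    }
}
```

Failing hard on a missing role is deliberate: a silently skipped mapper would let a login succeed without the access control the realm administrator configured.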
I had to do something slightly different in order to get my custom mapper working with the latest version of Keycloak (4.8 at time of writing this):

1. Created a custom mapper that extends AbstractOIDCProtocolMapper:

    package com.test;

    import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;

    public class MyTestMapper extends AbstractOIDCProtocolMapper {
        ...
    }

2. In src/main/resources, create a folder structure META-INF/services.

3. Create a file called org.keycloak.protocol.ProtocolMapper in the META-INF/services directory. Its contents should be just one line containing the fully qualified class name of your custom mapper:

    com.test.MyTestMapper

4. Under the META-INF folder in src/main/resources (one up from services), create a file called jboss-deployment-structure.xml. Depending on what you're doing, you will need to add the appropriate JBoss modules here. For my simple test mapper, I used:

    <?xml version="1.0" encoding="UTF-8"?>
    <jboss-deployment-structure>
        <deployment>
            <dependencies>
                <module name="org.keycloak.keycloak-services" />
            </dependencies>
        </deployment>
    </jboss-deployment-structure>
initToken or similar method in your custom mapper. – Xtreme Biker