1
votes

i have an open id provider and i use this provider as identity broker of keycloak. I want to map roles (claims) which sent from broker to keycloak (and keycloak will sent mapped roles in its jwt). I want to know how to implement and add a custom mapper to keycloak (like hardcodedmapper, attributemapper in keycloak). Can i do this? Thanks

2
Please, do not post questions twice. You can edit your question or whatever, if you find it takes long to be answered, ask in the keycloak user maillist.Xtreme Biker
Has anyone solution or suggestion about it?Batuhan
Use a custom mapper that accesses your service and retrieves the extra info using REST API, DB connection or similar. Then add the info to your token before it gets encoded initToken or similar method in your custom mapper.Xtreme Biker
@Xtreme Biker thanks for answer, custom mapper means that identity provider mapper on keycloak, isn't it, how can i implement and add a custom mapper to keycloak?Batuhan

2 Answers

4
votes

Create your new provider class, I extended the existing org.keycloak.broker.saml.mappers.AttributeToRoleMapper class.

When building your jar ensure you have a folder called services within the jars, META-INF folder.

Within this folder create a simple text file called org.keycloak.broker.provider.IdentityProviderMapper, within that file add the full name of your new provider class, i.e. package.Classname.

Once compiled drop the file in the providers folder below the Keycloak root folder. Restart your container.

3
votes

I had to do something slightly different in order to get my custom mapper working with the latest version of Keycloak (4.8 at time of writing this):

  • Created a custom mapper that extends AbstractOIDCProtocolMapper:

    package com.test;
    
    import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
    
    public class MyTestMapper extends AbstractOIDCProtocolMapper {
        ...
    }
    
  • In src/main/resources, create a folder structure META-INF/services

  • Create a file called org.keycloak.protocol.ProtocolMapper in META-INF/services directory. Its contents should be just one line containing the fully qualified class name of your custom mapper:

    com.test.MyTestMapper
    
  • Under the META-INF folder in src/main/resources (one up from services), create a file called jboss-deployment-structure.xml. Depending on what you're doing, you will need to add the appropriate JBoss modules here. For my simple test mapper, I used:

    <?xml version="1.0" encoding="UTF-8"?>
    <jboss-deployment-structure>
        <deployment>
            <dependencies>
                <module name="org.keycloak.keycloak-services" />
            </dependencies>
        </deployment>
    </jboss-deployment-structure>