I'm trying to create a keycloak identity provider mapper with the admin client. It works with json file import, but for some scripting it would be better to have all in the options. When I run the statement I get a class cast exception:
kcadm create identity-provider/instances/oidc/mappers -r quarkus \
-s name=Test_CLI \
-s identityProviderMapper=oidc-role-idp-mapper \
-s identityProviderAlias=oidc \
-s config.syncMode=FORCE \
-s config.claim=roles \
-s config.role=calculate \
-s config.claim.value=CALC
class com.fasterxml.jackson.databind.node.TextNode cannot be cast to class
com.fasterxml.jackson.databind.node.ObjectNode
(com.fasterxml.jackson.databind.node.TextNode and
com.fasterxml.jackson.databind.node.ObjectNode are in unnamed module of loader 'app')
The problem is the -s config.claim.value=CALC. Without the statement works. Is this a bug or is there another way to provide the value?
Finally found the solution. It is caused due to the "bad naming" of the "claim.value" which is one key but interpreted as hierarchy. It should better be claim_value or similar. The solution is to quote the the "claim.value". So the correct query is:
kcadm create identity-provider/instances/oidc/mappers -r quarkus \
-s name=Test_CLI \
-s identityProviderMapper=oidc-role-idp-mapper \
-s identityProviderAlias=oidc \
-s config.syncMode=FORCE \
-s config.claim=roles \
-s config.role=calculate \
-s config.\"claim.value\"=CALC
Please note that you need to escape the quotes with \!