Azure AD does not sends claims info in Id or Access tokens
I'm trying to connect Azure ActiveDirectory with Keycloak using OpenID Connect v1.0 protocol.
I connected Keycloak and I can login with azure account in Keycloak, but I can't pass any optional claims to my id or access tokens. They have only standard fields. On the frontend side I'm checking the /token path after login.
In my Manifest i see optional claims in both tokens. I gave all possible accesses to claims on security tab but all without success.
Can you please give me a tipp, how can i solve this? What should i look/check? I need to transfer roles/groups from azure account to my Keycloak and map them.
For optional claims or attributes to be present in Id token or access token ,
Check the added optional claims in Azure AD for the application.
In the keycloak , create the mappers to reflect in Id token or access token.
- In the realm in keycloak , go to Clients in the dashboard and select your client.
- Navigate to 'Mappers' label and click 'Create'.
Then for example mapper type can be of 'User Attribute' or Attributr importer for different Identity provider.
If that is selected , then fill the attribute name that user actually has when authenticates and select the appropriate option , if it is to be included in any of ID token, access token and userinfo.
In case of mapping from another IDP i.e; here Azure AD
refer this sample for okta
For example If upn is selected for optional claim in AzureAD:
From Identiy Providers blade , select mappers and use attribute importer for mapper type.
References:
- What is a difference between elastic computing and serverless computing?
- Access Sharepoint Online Files from .NET Worker Service via Microsoft Graph/OAuth - Unauthorized or Access Denied error (401)
- How do I fix SerializationNotSupportedParentType and ThrowNotSupportedException_ConstructorContainsNullParameterNames exception in System.Text.Json?
- Update VCore by database in power shell
- While scanning a simple key, could not find expected ':'. Syntax error in azure-pipeline.yaml
- I'm not able to call the Azure document intelligence api using the latest api version "2024-02-29-preview"
- AzureWebJobsStorage Managed Identity not working
- Get-RemoteDomain in powershell exchange online error : The term 'Get-RemoteDomain' is not recognized as the name of a cmdlet
- How can I Get Started Using Certificates to Authenticate my APIs Using Azure Key Vault?
- Azure Storage blob getting the io.netty.channel.StacklessClosedChannelException while generating /downloading the from SasUrl
- How to set up a site-to-site connection between Azure VNet and an on-premises network with a single IP address for traffic selectors?
- Summarization of docx or pdf document
- Unable to use Azure Developer CLI (azd) in vsCode even after extensions installed
- How to configure backend application on Container Apps
- WebJob is stopping due to website shutting down
- Azure SQL trigger for Functions configuration problem
- Does azure blob storage support http2?
- Azure Pronunciation Assessment Could not deserialize speech context error
- Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
- How do I Parse FormData containing a audio file in AZ function app in 2025
- Not able to delete Public IP address in azure
- Azure Devops Apple App Store Release.Missing value for the attribute 'whatsNew'
- Azure Storage accounts container public access level has dissabled
- Issue with adding delegated Graph API permission to Enterprise app with Terraform
- Getting an error when using the Flexible File Destination Task in Visual Studio 2022 SSIS
- Problem with Azure Email Communication Service Custom Domain
- How to refresh client assertion in ConfidentialClientApplication?
- Using Microsoft Graph Explorer (we have code too) we can GET All Subscriptions, but GET one by ID gives access error
- Invalid operands found for operator -eq
- nginx - php-fpm - azure container app returns truncated pages