keycloakoidc-identity-brokering
How to map user attributes to external IDP claims in a Keycloak instance
Im using the identity brokering feature to log user through Azure AD. Im stuck when Im trying to map user attributes via the Identity provider Attribute Importer. Im pretty sure that the claim exist in the access token of Azure AD. If I try the standard sub claim it works perfectly.. Does someone know some restrictions or limitations to which claims we can import from the external access token?
Example of the external access token:
"app_displayname": "*************",
"appid": "*************",
"appidacr": "1",
"family_name": "user",
"given_name": "user",
"idtyp": "user",
"ipaddr": "*************",
"name": "user-user",
"oid": "*************",
"sub": "*************",
"tenant_region_scope": "*************",
"tid": "*************",
"unique_name": "*************",
"upn": "*************",
"uti": "*************",
Solution
I found out that I need to specify correctly the scope to include all claims from the external IDP token. In your identity provider click on Advanced link to show the scopes field. In my case the scope value is openid profile email
- Role-based authentication not working with Keycloak and Java Spring
- Keycloak error on console " violating Content Security Policy directive: "frame-ancestors 'self'"
- Keycloak authorization_code invalid format
- nest-keycloak-connect realmUrl missing first part of the url
- Keycloak set password policy via Rest API
- superset keycloak integration on https
- Keycloak: getting back from user profile page
- How to load initial realm in keycloak server with docker?
- Keycloak + SPA as client (Vue) + Spring Cloud Gateway as resource server + Spring Boot Microservices
- Use Keycloak Spring Adapter with Spring Boot 3
- KeyCloak - How to add Role's attribute into a user JWT (Access Token)?
- Keycloak - Client Roles - Retrieve custom attributes
- Configure Keycloak OTP via Administration REST API
- Blazor Hosted WebAssembly with Keycloak and Basic Authentication Issue
- KeyCloak Integration with Azure B2C UserName Mapping Issue
- Keycloak: Not able to load admin GUI/console
- Keycloak retrieve custom attributes to KeycloakPrincipal
- Keycloak SSL setup using docker image
- How to change keycloak jvm arguments via CLI in standalone configuration
- Logout from next-auth with keycloak provider not works
- Cannot find module 'keycloak-js/authz' while import with TypeScript
- How to bypass keycloak login page and provide client suggested idp with spring security
- Keycloak Custom message on user temporary lock
- Angular - Spring Boot - Keycloak - 401 Error
- Spring Security + Keycloak (with self signed certs) - How do you disable hostname verification?
- Keycloak, not returning access token if update password action selected
- Keycloack Custom Identity provider
- Keycloak lost admin password
- How to make keycloak sessions survive server restarts or upgrades?
- How can I authenticate using the token exchange grant type for impersonation with spring boot and keycloak?