Keycloak 将自定义属性检索到 KeycloakPrincipal
[英]Keycloak retrieve custom attributes to KeycloakPrincipal
问题描述
In my rest service i can obtain the principal information after authentication using
在我的 rest 服务中,我可以在使用身份验证后获取主体信息
KeycloakPrincipal kcPrincipal = (KeycloakPrincipal) servletRequest.getUserPrincipal();
statement.陈述。
Keycloak principal doesn't contain all the information i need about the authenticated user. Keycloak 主体不包含我需要的有关经过身份验证的用户的所有信息。 Is it possible to customize my own principal type?是否可以自定义我自己的主体类型? On the keycloak-server-end I've developed a user federation provider.在 keycloak-server-end 我开发了一个用户联合提供者。 I saw that UserModel makes possible to add a set of custom attributes to my user.我看到 UserModel 可以为我的用户添加一组自定义属性。
Is it possible to insert my custom principal in that code?是否可以在该代码中插入我的自定义主体?
Is it possible to retrieve this attributes from keycloak principal?是否可以从 keycloak 主体中检索此属性?
What is the way?方法是什么?
3 个解决方案
解决方案1
83 已采纳 2015-10-01 14:22:51
To add custom attributes you need to do three things:要添加自定义属性,您需要做三件事:
- Add attributes to admin console向管理控制台添加属性
- Add claim mapping添加声明映射
- Access claims访问声明
The first one is explained pretty good here: https://www.keycloak.org/docs/latest/server_admin/index.html#user-attributes第一个在这里解释得很好: https : //www.keycloak.org/docs/latest/server_admin/index.html#user-attributes
Add claim mapping:添加声明映射:
- Open the admin console of your realm.打开您领域的管理控制台。
- Go to Clients and open your client转到客户端并打开您的客户端
- This only works for Settings > Access Type confidential or public (not bearer-only)这仅适用于设置 > 访问类型机密或公开(非承载)
- Go to Mappers转到映射器
- Create a mapping from your attribute to json创建从属性到 json 的映射
- Check "Add to ID token"选中“添加到 ID 令牌”
Access claims:访问声明:
final Principal userPrincipal = httpRequest.getUserPrincipal();
if (userPrincipal instanceof KeycloakPrincipal) {
KeycloakPrincipal<KeycloakSecurityContext> kp = (KeycloakPrincipal<KeycloakSecurityContext>) userPrincipal;
IDToken token = kp.getKeycloakSecurityContext().getIdToken();
Map<String, Object> otherClaims = token.getOtherClaims();
if (otherClaims.containsKey("YOUR_CLAIM_KEY")) {
yourClaim = String.valueOf(otherClaims.get("YOUR_CLAIM_KEY"));
}
} else {
throw new RuntimeException(...);
}
Hope this helps and fits your use case.希望这有助于并适合您的用例。 I used this for a custom attribute I added with a custom theme.我将此用于添加自定义主题的自定义属性。
解决方案2
60 2017-12-06 18:55:32
Select Users > Lookup > click on ID > go to attributes tab > Add attribute > eg: phone > Save
选择用户 > 查找 > 单击 ID > 转到属性选项卡 > 添加属性 > 例如:电话 > 保存Select Clients > click on Client ID > go to Mappers Tab > create mapper
选择客户端 > 单击客户端 ID > 转到映射器选项卡 > 创建映射器Get custom attributes
获取自定义属性
UPDATE更新
Add 'phone' attribute on Group level, assign user to that group, and you get 'phone' attribute from group level for all users
在组级别添加“电话”属性,将用户分配到该组,然后您从所有用户的组级别获得“电话”属性Go back to mapper and update 'phone' with 'Aggregate attribute values = true' and 'Multivalued=true', and you get 'phone' as list with both attributes from group and user level.
返回映射器并使用“Aggregate attribute values = true”和“Multivalued=true”更新“phone”,您将获得“phone”作为包含组和用户级别属性的列表。 If you keep 'Aggregate attribute values = false' or 'Multivalued=false', you get just one value, where 'phone' attribute from user will override 'phone' attribute from group (which make sense)如果您保留 'Aggregate attribute values = false' 或 'Multivalued=false',您只会得到一个值,其中来自用户的 'phone' 属性将覆盖来自组的 'phone' 属性(这是有道理的)
解决方案3
0 2022-08-05 08:51:47
For Keycloak > 18 the configuration of the mappers has moved in the UI:对于 Keycloak > 18,映射器的配置已在 UI 中移动:
Inside Clients > Your selected client under the tab Client Scopes , one has to select account-dedicated :在Clients > Your selected client在Client Scopes选项卡下选择的客户,必须 select account-dedicated :
There custom mappers can be added:可以添加自定义映射器:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.