Just wanted to say... thank you. I had this working on an instance of Keycloak. I deployed it in a quick and dirty way. Due to my laziness, I did not make proper notes on what I did and for the life of me, I couldn't get it working again. Like, I mean, multiple days of effort went into trying to get something working, which I knew I had done previously. I cloned your repo and tried it out and it worked first time.
As a system engineer, this was where I just ignored my Architect's pusback when it came to "too extensive documentation" and did it anyway. Developers already told me how useful parts of it were to them.
@Niko Köbler (@dasniko) Hi Niko, I'm relativ new to Keycloak and doing some testing with it. I try to create a Mapper to at ClientRole-Attributes to the token. Thanks for the great videos, also the debugging Video! Just struggleing on my Mac with the container startup. But my question is, do you have a video how to deploy this jar? At least I am now with the latest Keycloak (18) Version. It's not the problem to bring the jar in die container... it's more about "where" and how to initiate it with the build. But this could be done with a custom Dockerfile.. ok, it's just more there "where to place the jars" 🙂
Nice Video! I created the jar file from your code and copied to standalone\deployments folder. I restarted my local Keycloak but I am unable to see the Mapper Type ..Lucky Number..any idea?
I am at present using built in UserAttributeMapper aggregating values over groups and is configured as multivalued. We have a specific client who cannot process array of string in claim but rather expects claim value as comma separated string. Can i write a new mapper which takes the claim from the UserAttributeMapper and just concatenates the values?
Hello Niko, I have implemented the custom token mapper, deployed the jar in keyclock server and token is generating as expected. But when I am validating the token using /account or /userinfo its giving 401 error. If i remove the custom mapper the token validation is working fine. DO I need to do some configuration for custom mapper to validate.
First of all, thank you for the Video. I'm fairly new to Programing (Sysadmin here ;)), i'll try to recreate your mapper within IntelliJ, but i get errors like "Package org.keycloak.models is not available". Do i miss something? I asume i need to install the Packges somehow. I know how to do it with Python and VSCode, but i kinda stuck in here :D Maybe you habe a little hint?
Nice video, Niko. I have a doubt about mappers. I have my db with their respective tables about permissions, How can I map, those permissions as roles of each user in keycloak?. A few months ago, I commented some of your videos about use userStorageSPI, and your replies were so helpful for me. Thank you so much!
I can't give support to all requests, sorry. Also, RUclips comments are not a good support forum, there are others available where more KC users are around.
Hello, gus, I've already finished that specific task. What I did was just create a few SQL sentences in the java codes, which look for the current user loged and look for the permissions assigned, respectively. Finally with a few "foreach" loops I just mapped those permissions into the userEntity
Thankyou for the video. I still have a question, How do I use the fine-grain authorization controls provided by keycloak with my backend application ? Keycloak provides resources, permissions, scopes and policies and I am unable to see a implemention on how can I use this feature with my existing backend ? Any help is appretiated
Sir How can I add the resources in the keycloak user token payload? I have created the resources, scopes, policies and permissions in the keycloak now i want to add the resources according to the user roles in the user token. please ans
Hi! I tried to make a protocol mapper in keycloak 20.0.0 but the setClaim function doesn't seem to work, while if i use transformAccessToken directly it works but still it shouldn't be implemented like this, do you have an idea why?
@Niko Köbler (@dasniko) Excellent video! In my mapper class i need to call an external service which uses the user credentials. I can get the user username, but how can i get the password? In the method "isValid" of the provider class we have the parameter "CredentialInput" which has the password, but in the mapper class i have no idea how to get this info...
Just wanted to say... thank you.
I had this working on an instance of Keycloak. I deployed it in a quick and dirty way. Due to my laziness, I did not make proper notes on what I did and for the life of me, I couldn't get it working again. Like, I mean, multiple days of effort went into trying to get something working, which I knew I had done previously.
I cloned your repo and tried it out and it worked first time.
As a system engineer, this was where I just ignored my Architect's pusback when it came to "too extensive documentation" and did it anyway.
Developers already told me how useful parts of it were to them.
Explanation level 9000 thx
@Niko Köbler (@dasniko) Hi Niko, I'm relativ new to Keycloak and doing some testing with it. I try to create a Mapper to at ClientRole-Attributes to the token. Thanks for the great videos, also the debugging Video! Just struggleing on my Mac with the container startup. But my question is, do you have a video how to deploy this jar? At least I am now with the latest Keycloak (18) Version. It's not the problem to bring the jar in die container... it's more about "where" and how to initiate it with the build. But this could be done with a custom Dockerfile.. ok, it's just more there "where to place the jars" 🙂
/opt/keycloak/providers
@@dasniko Merci!!
Nice Video! I created the jar file from your code and copied to standalone\deployments folder. I restarted my local Keycloak but I am unable to see the Mapper Type ..Lucky Number..any idea?
I am at present using built in UserAttributeMapper aggregating values over groups and is configured as multivalued. We have a specific client who cannot process array of string in claim but rather expects claim value as comma separated string. Can i write a new mapper which takes the claim from the UserAttributeMapper and just concatenates the values?
Hello Niko,
I have implemented the custom token mapper, deployed the jar in keyclock server and token is generating as expected. But when I am validating the token using /account or /userinfo its giving 401 error. If i remove the custom mapper the token validation is working fine. DO I need to do some configuration for custom mapper to validate.
First of all, thank you for the Video. I'm fairly new to Programing (Sysadmin here ;)), i'll try to recreate your mapper within IntelliJ, but i get errors like "Package org.keycloak.models is not available". Do i miss something? I asume i need to install the Packges somehow. I know how to do it with Python and VSCode, but i kinda stuck in here :D Maybe you habe a little hint?
Nevermind i figured it out. Needed to create a Maven Project and add the dependencies to the pom.xml file.
Is that possible to test from postman i need to add the claims in token value will be passed from token requesting end point?
Nice video, Niko. I have a doubt about mappers. I have my db with their respective tables about permissions, How can I map, those permissions as roles of each user in keycloak?. A few months ago, I commented some of your videos about use userStorageSPI, and your replies were so helpful for me. Thank you so much!
Same query here, hope Niko finds time to reply. Great material BTW!! Thank you!
I can't give support to all requests, sorry. Also, RUclips comments are not a good support forum, there are others available where more KC users are around.
Hello, gus, I've already finished that specific task. What I did was just create a few SQL sentences in the java codes, which look for the current user loged and look for the permissions assigned, respectively. Finally with a few "foreach" loops I just mapped those permissions into the userEntity
Thankyou for the video. I still have a question, How do I use the fine-grain authorization controls provided by keycloak with my backend application ?
Keycloak provides resources, permissions, scopes and policies and I am unable to see a implemention on how can I use this feature with my existing backend ?
Any help is appretiated
Sir How can I add the resources in the keycloak user token payload? I have created the resources, scopes, policies and permissions in the keycloak now i want to add the resources according to the user roles in the user token. please ans
Asking the same question randomly on multiple videos is a very bad behavior... I won't answer to such requests.
Thank you very much.
I have a question, I want to add address field (one or more), which is always empty. How to fill values to address fields.
Is it also possible that I can enable it for user to add update multiple address in Personal Info page?
Hi! I tried to make a protocol mapper in keycloak 20.0.0 but the setClaim function doesn't seem to work, while if i use transformAccessToken directly it works but still it shouldn't be implemented like this, do you have an idea why?
🤷♂️ My example works pretty well after migrating it to KC20, no changes needed.
Hi Niko, great video, it's possible to modify a Keycloak docker container with custom mappers?
yes
Hi can I use this to add a suffix to usernames imported from LDAP?
Nice video
Hi Niko.. I saw that now keycloack use quarkus .. how to do custom mapper now?
Don‘t ask same questions on multiple channels. You did already ask on Twitter.
@@dasniko So... what's the answer?
It's under Clients > Client Scopes > Setup > click the assigned client scope "-dedicated" and you'll see the mappers there.
what is Provider_id?
The identifier of the provider you are implementing, you are free to choose a string, but it must be unique in your KC environment
@Niko Köbler (@dasniko) Excellent video! In my mapper class i need to call an external service which uses the user credentials. I can get the user username, but how can i get the password? In the method "isValid" of the provider class we have the parameter "CredentialInput" which has the password, but in the mapper class i have no idea how to get this info...
This is not possible and would contradict every security approach.
@@dasniko Thank you very much for answering!