Claim to group with URL as key

Hello

Having Keycloak v18 using a company IdP that is sending claims with a URL as key:

"User Profile JSON Data for provider auth0":{
   "http://schemas.microsoft.com/ws/2008/06/identity/claims/role":[
      "SG_GR_Business",
      "SG_GR_Managers",
      "LOM",
      "SG_Corporate"
   ]
}

I try to map those claims to groups or roles without success.
What I tried so far:

  • http://schemas.microsoft.com/ws/2008/06/identity/claims/role
  • http://schemas\.microsoft\.com/ws/2008/06/identity/claims/role

If you have any idea on how to solve this, it would be much appreciated.

Thanks

I suppose this is the code splitting your claim name. Maybe you can convince it to accept the URL as one "level":

https://github.com/keycloak-poc/keycloak/blob/ecbfedb131d24ca9f5c0cec6d31d2d02a70b25f8/server-spi-private/src/main/java/org/keycloak/utils/JsonUtils.java#L43

Not sure if the

is part of the json object or it’s just you explaining it. If that is part of the json, you need to give the full “path” like:

User Profile JSON Data for provider auth0.http://schemas\.microsoft\.com/ws/2008/06/identity/claims/role

“User Profile JSON Data for provider auth0” is not part of the path, it is the text found in the log file of Keycloak.

The claim name only contains the URL so far, and as I am not a Java guy I do not understand how to exploit the piece of code in order to convince Keycloak to deal with the claim “as is”.