Creating an Identity Provider Mapper

1

We are working on creating identity provider mapper via the POST api.

We would like to understand if keycloak breaks for the below mentioned scenarios.

  1. we have verified that the API accepts any role under config. But does it break keycloak - as in does keycloak stops working?
  2. The “claim.value” is a group Id which corresponds to Azure. This field again accepts any input.

Sample payload

{
	"name": "Test",                                           
	"identityProviderAlias": "testalias",									
	"identityProviderMapper": "oidc-role-idp-mapper",           
	"config": {
		"syncMode": "FORCE",									
		"claim": "groups",                                       
		"role": "test role",                                    
		"claim.value": "<GUID>" 
	}
}

Any help would be appreciated.
Thanks

2

Not sure if this helps anyone I am also looking for some answers but will post what I have here in case it helps anyone else.

I am working on a Python script to add an Advanced Claim to Role Identity Provider Mapper in Keycloak. I have an example of a script and tried modifying it but when I post my values I am not getting the result expected as there seems to be no error message but it’s just missing data from my payload for example enabling regex and the key and value are missing

Original working script using “identityProviderMapper”: “oidc-role-idp-mapper”

My script trying to use “identityProviderMapper”: “oidc-advanced-role-idp-mapper”,

How can I see what are accepted values for the mapper payload for oidc-advanced-role-idp-mapper