Hello there, i got problem with getting additional info from remote IDP.
I easily can access to all received from IDP token fields - emails, names-firstnames, ids-guids and etc - no problem here to map data as need. But how i could receive through keycloak additional info? (same as with keycloak as remote IDP is supports same standarts) It contains fields excluded from token, but i’ll be happy to use them in my app - for ex there could be avatar link, some hrefs, bio and etc. Is it possible to get and store (or only get) additional user info? And how map it right?
1 Like
Keycloak provides protocol mappers and token mappers that you can use to map user attributes, roles, etc. into tokens and statements.
I try to explain what i mean:
There is 3 parts of app.
Client (app) -> keycloak -> identity provider.
Identity provider can return data, which is not in idToken, its should be requested apart with accessToken after login at provider.
If there is no keycloak, scheme is quite clear, no questions. Auth, then getInfo from sso with access token, same as i get it from kk. userInfo from IDP returns avatar, social links, bio. As example.
if i auth over keycloak, keycloak only returns data encoded in idToken from IDP. And do not returns avatar, socials and bio. And i still cant understand how to map it right and how to store it in keycloak.
Thats the question. I read docs 3rd time and even answer ‘how to’ described there, it’s not clear.
So it’s good to know is it even possible. Seems not.
soo, i found this, so kk is know about additional info. But how map it right then? I mean, should it be mapped in IdentityProvider or somewhere too? And if yes, what it is? User property or user attribute? If one of this, how keycloak store it? I tried to map in Client userInfo, picture, avatar, had insert script mapper with {user} returned and still nothing…
Little update here:
mapped required claims at Identity provider plus at client.
Still nothing. Even props on idToken from IDP. Pure random - some props been mapped to attribute, some still not (i mapped ‘idp’ before - client was able to see it). Magic.
IDP mapper:
What returns IDP when i request directly:
And userInfo directly to idp w/o keycloak
All i get - it was ‘idp’ property from idToken. Others props wont work even they are exists on idToken.
So what i did wrong? Quite muddy logic with this in keycloak…
okay, i’ve read some new things… but for now keycloak won’t map even existing fields from IdP token…
I am having similar issue while trying to get ORCID’s ID into my application via KK. Tried adding mappers at both IDP and Client modules of the KK. still cant get the values from Orcid.org.
Have you tried it since your last try, any advise?
thanks
1 Like