I’m trying to create an attribute on a user, but when I save my changes and edit the user again, my new attribute disappears. I have enabled ‘User Profile Enabled’ in the realm. If I disable it, everything works fine. How can I add an attribute in this case?
I use Keycloak 21.1.1
I have encountered a similar thing where you can’t use arbitrary attributes once the declarative user profile feature is enabled. You need to specify the new attribute as a user profile element. I don’t know if that is the expected behavior, but that’s the workaround I had to use.
What I infer from the source code of the declarative user profile, it’s intended that once you enable the declarative profile, you have to declare all attributes you want to use, additional, non-declared attributes are not possible. But it’s not documented and it’s (only) my interpretation of the code. There are pros and cons of this approach, yes.
Like @dasniko said the idea is that you don’t use attributes when you enable “User Profile” in future versions the tab will no longer be there. If you want an attribute then you’ll need to declare it in “User Profile” you can make it completely invisible by making it not editable / viewable for all users
Thank you, @dasniko and @edewit. I’m creating the attribute in a shell script using Keycloak’s REST API. I can’t find in the documentation how to create this attribute in the “User profile”. Do you know if it’s possible to do this using the REST API?
Yes, that is possible you need to add them to the json and send an PUT to the user/profile endpoint example json:
{
"attributes": [
{
"name": "username",
"displayName": "${username}",
"permissions": {
"view": [
"admin",
"user"
],
"edit": [
"admin",
"user"
]
},
"validations": {
"length": {
"min": 3,
"max": 255
},
"username-prohibited-characters": {},
"up-username-not-idn-homograph": {}
}
},
{
"name": "email",
"displayName": "${email}",
"required": {
"roles": [
"user"
]
},
"permissions": {
"view": [
"admin",
"user"
],
"edit": [
"admin",
"user"
]
},
"validations": {
"email": {},
"length": {
"max": 255
}
}
},
{
"name": "firstName",
"displayName": "${firstName}",
"required": {
"roles": [
"user"
]
},
"permissions": {
"view": [
"admin",
"user"
],
"edit": [
"admin",
"user"
]
},
"validations": {
"length": {
"max": 255
},
"person-name-prohibited-characters": {}
}
},
{
"name": "lastName",
"displayName": "${lastName}",
"required": {
"roles": [
"user"
]
},
"permissions": {
"view": [
"admin",
"user"
],
"edit": [
"admin",
"user"
]
},
"validations": {
"length": {
"max": 255
},
"person-name-prohibited-characters": {}
}
},
{
"name": "my-attribute",
"displayName": "",
"selector": {
"scopes": [
"role_list",
"email",
"roles",
"address",
"microprofile-jwt",
"phone",
"acr",
"new-client-scope",
"web-origins",
"offline_access",
"profile"
]
},
"annotations": {},
"validations": {},
"group": null
}
]
}
once you have the attribute defined you can add it with a value to user attributes