Identity Provider: map claims to declarative user profile attributes

lme · March 1, 2023, 8:53am

Hi,

I’m trying to switch from custom user attributes to the feature preview declarative user profile.

Keycloak is connected to an OIDC Identity Provider with configured mappers of type “Attribute Importer” that map claims to custom user attributes. Now I would like to map claims to attributes created in the declarative User profile.
Is this possible with Keycloak 21? If yes, what mapper type should I use for my OIDC Identify Provider?

Thanks.

dasniko · March 1, 2023, 3:22pm

It doesn’t matter if you have declarative user profile enabled or not, attributes are just - well, attributes. Only difference is, that with declarative profile, they are defined.
Just use a mapper of type “Attribute Importer” and map the desired claim to your target attribute at a user and you are good to go.

lme · March 1, 2023, 4:41pm

Ok, nice. So basically I’ve nothing to do apart checking that attribute names defined in the declarative user profile match the target attribute names in my mappers.

An other question regarding the new declarative user profile: I saw that the declarative user profile is used in the admin console user form (in the admin console v2 only) and the register form to display dynamically generated forms, but my declarative profile is not displayed in the account console (v1 or v2). Is this the expected behaviour with Keycloak 21, or am I missing something?

dasniko · March 1, 2023, 4:54pm

AFAIK the account console is not (yet?) adapted to the declarative profile.
Keep in mind that the user profile is still a preview feature, not yet fully supported. No, nobody knows when this will be the case.

lme · March 1, 2023, 5:19pm

Yeah, I know declarative profile is still in a feature preview state

I was juste wondering if I was doing something wrong because the doc says:

Dynamically render forms that users interact with like registration, update profile, brokering, and personal information in the account console, according to the attribute definitions and without any need to manually change themes

Anyway, this will be a great feature when it will be available and I’m glad I will be able to reuse my custom user attributes with this new feature (I was afraid of having to plan a complex migration from the legacy behaviour to the new declarative profile).

dasniko · March 1, 2023, 5:36pm

This has the milestone label 22.0.0:

github.com/keycloak/keycloak

Support declarative user profile

opened 01:20PM - 31 Jan 23 UTC

mposolda

team/core kind/task

### Description See the checklist on https://github.com/keycloak/keycloak/iss…ues/16737 . There is separate label `area/user-profile`, which can be used to search for all issues related to user profile: https://github.com/keycloak/keycloak/issues?q=is%3Aissue+is%3Aopen+label%3Aarea%2Fuser-profile - [ ] Enable user profile by default for new realms - [ ] Review and update the test suite to run tests against realms with user profile enabled - [ ] Review documentation to make sure we are covering all aspects of user profile - [ ] Review documentation to cover the main aspects when migrating from legacy to the declarative user profile

Topic		Replies	Views
Attribute Importer Mapper Configuring the server oidc	1	1445	August 25, 2022
How to use mapper type "key to role" in keycloak authentication , identity-brokering , oidc	0	370	January 21, 2021
Identity provider brokering claim release issue Configuring the server identity-brokering , oidc	0	1416	January 28, 2020
Creating an Identity Provider Mapper	1	1151	March 13, 2023
OIDC Identity Broker/Identity Provider Mappers Importing Not Working Configuring the server identity-brokering , oidc	1	2274	December 17, 2020

Identity Provider: map claims to declarative user profile attributes

Related Topics