Incomplete token keycloak

angelomachado · April 9, 2021, 4:48pm

Hello, I have a problem with the content of a new customer token that I created in the keycloak.

I currently have a user federation, which connects to my ldap, and I have a client in the keycloak connected to that federation and that served all companies that use my app,
but I had to migrate some of the accesses of these companies, to SSO, for that I created a client in the keycloak for each company that will use SSO, and an identity provider saml
for each one too, in addition to the specific redirection settings, in the first company it worked well, I received a token with all the information I need, this token:

"iat": ********,
  "auth_time": ********,
  "jti": "********",
  "iss": "myurl",
  "aud": "account",
  "sub": "********",
  "typ": "Bearer",
  "azp": "company1-client",
  "session_state": "********",
  "acr": "1",
  "allowed-origins": [
    "*"
  ],
  "realm_access": {
    "roles": [
      "offline_access",
      "uma_authorization"
    ]
  },
  "resource_access": {
    "account": {
      "roles": [
        "manage-account",
        "manage-account-links",
        "view-profile"
      ]
    }
  },
  "scope": "openid email read profile write",
  "email_verified": true,
  "user_name": "********",
  "preferred_username": "********",
  "empresa": "********",
  "email": "********"
}

Perfect, this is working, but following exactly the settings of this company, I went to include another one and the token came without some default information:

"iat": "********",
  "auth_time": "********",
  "jti": "********",
  "iss": ""********",",
  "aud": "company2-client",
  "sub": ""********",",
  "typ": ""********",",
  "azp": ""********",",
  "session_state": ""********",",
  "at_hash": ""********",",
  "acr": ""********",",
  "email_verified": true,
  "user_name": ""********",",
  "preferred_username": ""********",",
  "empresa": ""********",",
  "email": ""********","
}

I need the token to also have this information:

"allowed-origins": [
    "*"
  ],
  "realm_access": {
    "roles": [
      "offline_access",
      "uma_authorization"
    ]
  },
  "resource_access": {
    "account": {
      "roles": [
        "manage-account",
        "manage-account-links",
        "view-profile"
      ]
    }
  },
  "scope": "openid email read profile write",

I apologize if it was not clear, English is not my native language.

Thanks in advance

Topic		Replies	Views
Keycloak Google IDP token empty Getting advice authentication , ldap , oidc	0	477	October 23, 2020
Problem with brokering	0	360	December 21, 2021
Account linking with Keycloak Getting advice authentication , oidc	1	4626	December 23, 2019
Get Identity provider token in keycloak after logging Getting advice	1	498	October 21, 2021
Setting Authentication flow for identity providers (SSO) Configuring the server authentication , identity-brokering , oidc	0	605	April 13, 2021

Incomplete token keycloak

Related Topics