KeyCloak 19: oidc-script-based-protocol-mapper (OpenID Connect Script Mapper)

We recently migrated from an older version of Keycloak to Keycloak 19.0.1. All is good in the world; however, when we generate an access token and look at its JWT representation, we can see that certain mappers that were previously there are missing from the token fields.

Upon investigation we found that the missing mappers are the ones where, in the older Keycloak, we had used “Script mapper”. This now no longer even shows up in the admin console → clients → mappers (using the old admin console).

Reading forums, I can see that the “upload_scripts” feature was completely removed since Keycloak 18 (ref: Keycloak 18.0.0 released - Keycloak). This is causing a world of issues, as we rely on these previously created script mappers to come through in the generated token.

I can see in the Keycloak DB (protocol_mapper) that the data for these mappers is still there after the migration.

How can we go about enabling these script mappers that were previously there, so that they still work with newer Keycloak versions?
The docs do instruct us to see the Profiles page, but the instructions there are not clear at all as to what to do in the process…

Javascripts can be deployed as a jar file:
https://www.keycloak.org/docs/latest/server_development/index.html#_script_providers

The “script” feature has to be enabled, too.

After that, your scripts will appear as a new mapper type in the mappers dialogs of the admin console.

Thank you for the suggestion and tips, really appreciated. :)

I tried it and that works. My only remaining question is: seeing that we previously had more than 100 realms, is there a way to automatically set this for all those realms, instead of manually configuring every one in the UI by going into mappers and setting it visually?

Maybe the Admin Rest API helps:
https://www.keycloak.org/docs-api/19.0.1/rest-api/index.html#_protocol_mappers_resource
You could also use your browser developer tools and observe what requests the browser sends to KC when you are manually clicking things in the UI. But I would not edit the database tables.

It was a bit tedious to do via API calls. I noticed the changes in the DB, mainly protocol_mapper and protocol_mapper_config.
I simply had to run an update query to change ‘oidc-script-based-protocol-mapper’ to ‘script-xxx’ (xxx - name of the mapper JS file) after uploading the providers.
Restarted the app, tested, and it works, and the information is reflected in the token.

Thanks :)
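
An added example (not code from this thread or from the Keycloak project) of the Admin REST API route suggested above, as an alternative to editing `protocol_mapper` directly: it plans the same type change the last post made, from `oidc-script-based-protocol-mapper` to `script-<file name>`, and builds one update request per mapper. The name-to-file table, sample mappers, host, and token are assumptions, as is the server accepting a changed `protocolMapper` on update.

```python
import json
import urllib.request

LEGACY_TYPE = "oidc-script-based-protocol-mapper"  # mapper type named in the thread

def plan_migration(mappers, script_files):
    """Split one client's mappers into (updates, unmapped_names).

    mappers: protocol mapper representations as returned by the Admin REST API.
    script_files: mapper name -> script file name inside the deployed JAR
    (hypothetical table, maintained by whoever packaged the scripts).
    """
    updates, unmapped = [], []
    for m in mappers:
        if m.get("protocolMapper") != LEGACY_TYPE:
            continue  # built-in or already migrated: leave untouched
        script = script_files.get(m["name"])
        if script is None:
            unmapped.append(m["name"])  # no deployed script: report, never guess
            continue
        # Same change as the update query in the thread, on a copy of the mapper.
        updates.append(dict(m, protocolMapper="script-" + script))
    return updates, unmapped

def build_put(base_url, token, realm, client_uuid, mapper):
    """Build (not send) the update request for one client protocol mapper."""
    url = (f"{base_url}/admin/realms/{realm}/clients/{client_uuid}"
           f"/protocol-mappers/models/{mapper['id']}")
    return urllib.request.Request(
        url, data=json.dumps(mapper).encode(), method="PUT",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})

# Constructed sample of one client's mapper list (not real data).
SAMPLE = [
    {"id": "a1", "name": "dept-claim", "protocol": "openid-connect",
     "protocolMapper": LEGACY_TYPE, "config": {"claim.name": "dept"}},
    {"id": "b2", "name": "username", "protocol": "openid-connect",
     "protocolMapper": "oidc-usermodel-property-mapper", "config": {}},
    {"id": "c3", "name": "orphan", "protocol": "openid-connect",
     "protocolMapper": LEGACY_TYPE, "config": {}},
]

if __name__ == "__main__":
    todo, missing = plan_migration(SAMPLE, {"dept-claim": "dept-claim.js"})
    for m in todo:  # dry run: print what would be sent, send nothing
        req = build_put("https://kc.example.test", "<token>", "demo", "client-uuid", m)
        print(req.get_method(), req.full_url, "->", m["protocolMapper"])
    print("no deployed script for:", missing)
```

Mappers attached to client scopes sit under a separate `client-scopes` path in the same API and need the same pass; names reported as unmapped point at scripts that were never packaged into the JAR.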