OIDC Identity Broker/Identity Provider Mappers Importing Not Working

amanjeev · April 7, 2020, 12:29am

The following is my conundrum with Keycloak’s OIDC setup with an external Identity Provider and mapping some claims.

Keycloak version: 9.0.2 (docker image)

Setup:

We have an Identity Provider (OIDC) listed to allow login via that provider. I believe this is also known as identity brokering.
The provider settings includes the /userinfo endpoint.
This provider works fine with logging in to the application via our Keycloak instance.

image550×931 45.2 KB
The provider also has Mappers listed to import attributes that come from the upstream provider.

We know that the upstream does send “ga4gh_passport_v1”. I have checked the upstream’s /userinfo endpoint for the user.

The client has the mapper also defined.

I tried this setup with a hardcoded attribute in the Identity Broker mappers and the hardcoded attributes show up. That one shows up fine in the token eventually.

Issue: This value does not show up in the token from our keycloak. Is there a setting that we are missing?

Document reference: Server Administration Guide

Thank you for your help.

christoph.steiner · December 17, 2020, 6:06am

I have the exact same problem. Were you able to solve it?
Thanks

Topic		Replies	Views
Identity Provider mappers ignored during token exchange Configuring the server identity-brokering , oidc	4	605	December 16, 2023
Attribute Importer Mapper Configuring the server oidc	1	1396	August 25, 2022
Unable to Retrieve Identity Provider(IDP) token Getting advice identity-brokering	0	1389	October 24, 2021
How to use mapper type "key to role" in keycloak authentication , identity-brokering , oidc	0	357	January 21, 2021
Creating an Identity Provider Mapper	1	1103	March 13, 2023

OIDC Identity Broker/Identity Provider Mappers Importing Not Working

Related Topics