The following is my conundrum with Keycloak’s OIDC setup with an external Identity Provider and mapping some claims.
Keycloak version: 9.0.2 (docker image)
Setup:
- We have an Identity Provider (OIDC) listed to allow login via that provider. I believe this is also known as identity brokering.
- The provider settings include the /userinfo endpoint.
- This provider works fine with logging in to the application via our Keycloak instance.
- The provider also has Mappers listed to import attributes that come from the upstream provider.
We know that the upstream does send “ga4gh_passport_v1”. I have checked the upstream’s /userinfo endpoint for the user.
The client has the mapper also defined.
I tried this setup with a hardcoded attribute in the Identity Broker mappers and the hardcoded attributes show up. That one shows up fine in the token eventually.
Issue: This value does not show up in the token from our Keycloak. Is there a setting that we are missing?
Document reference: Server Administration Guide
Thank you for your help.
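A small diagnostic, added here as an example and not part of the original post, that checks the brokered claim at each stage of the chain the question describes (upstream /userinfo, the identity-provider mapper that writes a user attribute, the client protocol mapper that emits the token claim) and reports where it disappears. The sample userinfo, user attributes and token are constructed; the user-attribute shape (`{name: [values]}`) is assumed to match what the Keycloak admin API returns for a user.

```python
"""Locate where a brokered claim (here ga4gh_passport_v1) gets dropped on its way
into a Keycloak-issued token. All sample data below is constructed for the example."""
import base64
import json


def decode_jwt_payload(token: str) -> dict:
    """Return the payload of a compact JWT WITHOUT verifying its signature.
    For local inspection of a token you already hold only; never use for authorization."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def locate_drop(upstream_userinfo: dict, kc_user_attributes: dict,
                keycloak_token: str, claim: str) -> str:
    """Report the first stage at which `claim` is missing.

    Stages, in order: upstream /userinfo -> identity-provider mapper (stores the
    claim as a Keycloak user attribute) -> client protocol mapper (puts the
    attribute into the issued token). Returns "present" if it survives all three."""
    if claim not in upstream_userinfo:
        return "upstream"
    if claim not in kc_user_attributes:          # assumed admin-API shape: {name: [values]}
        return "identity-provider mapper"
    if claim not in decode_jwt_payload(keycloak_token):
        return "client protocol mapper"
    return "present"


def _b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample data: the upstream sends the passport claim, but the Keycloak
# user only carries the hardcoded attribute, so the token never gets the passport.
UPSTREAM_USERINFO = {"sub": "u-123", "email": "alice@example.org",
                     "ga4gh_passport_v1": ["<opaque-passport-jwt-placeholder>"]}
KC_USER_ATTRIBUTES = {"hardcoded_attr": ["demo"]}
KEYCLOAK_TOKEN = ".".join([_b64url({"alg": "none"}),
                           _b64url({"sub": "kc-456", "email": "alice@example.org",
                                    "hardcoded_attr": "demo"}),
                           ""])  # empty signature part, unsigned sample only

if __name__ == "__main__":
    for c in ("email", "hardcoded_attr", "ga4gh_passport_v1"):
        print(c, "->", locate_drop(UPSTREAM_USERINFO, KC_USER_ATTRIBUTES, KEYCLOAK_TOKEN, c))
```

If the result is "identity-provider mapper", the attribute importer never wrote the claim to the user (check the mapper's claim name and whether the user was created before the mapper existed); if it is "client protocol mapper", the attribute exists but the client mapper does not emit it into the token type you are inspecting.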