I have written a custom token mapper by extending from `AbstractOIDCProtocolMapper`.
I have also added a custom static `create` method to be able to indicate that I want to have “multivalued” enabled for my custom claim:
```java
public static ProtocolMapperModel create(String name,
                                         boolean accessToken,
                                         boolean idToken,
                                         boolean userInfo) {
    // This static method is called automatically by Keycloak when it is present
    // It allows to set the MULTIVALUED attribute to true so we can return a list of things
    ProtocolMapperModel mapper = new ProtocolMapperModel();
    mapper.setName(name);
    mapper.setProtocolMapper(PROVIDER_ID);
    mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Map<String, String> config = new HashMap<>();
    config.put(ProtocolMapperUtils.MULTIVALUED, Boolean.TRUE.toString());
    if (accessToken) {
        config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    }
    if (idToken) {
        config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    }
    if (userInfo) {
        config.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, "true");
    }
    mapper.setConfig(config);
    return mapper;
}
```
I have integration tests in place using TestContainers and everything seems to work fine. If I remove the line to enable “multivalued”, the test fails, etc…
However, in our test Keycloak, it seems that this “multivalued” is not honored. Instead of a JSON array, we get a JSON object with the first element of what the array normally should contain.
I already tried to remove the mapper for the client and add it again, but that does not seem to help at all. Is there anything else I can try or look at?
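
A diagnostic for the symptom described above, as an added example that is not part of the original post: it compares the mapper configuration stored for a client with the claim as it appears in an issued token. The provider id `my-custom-mapper`, the claim name `my_claim` and all sample data are constructed; the mapper JSON is assumed to have the shape of Keycloak's protocol mapper representation (`name`, `protocolMapper`, `config`).

```python
import base64
import json

MULTIVALUED_KEY = "multivalued"  # string value of ProtocolMapperUtils.MULTIVALUED

def jwt_claims(token):
    """Decode a JWT payload without verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit(mappers, provider_id, claims, claim_name):
    """Return findings for one custom mapper type and the claim it should emit."""
    findings = []
    matching = [m for m in mappers if m.get("protocolMapper") == provider_id]
    if not matching:
        findings.append(f"no mapper of type {provider_id} on this client")
    for m in matching:
        # The stored instance config, not the Java code, decides array vs. single value.
        if m.get("config", {}).get(MULTIVALUED_KEY) != "true":
            findings.append(f"mapper {m['name']}: '{MULTIVALUED_KEY}' is not 'true' in stored config")
    if claim_name not in claims:
        findings.append(f"claim {claim_name} missing from token")
    elif not isinstance(claims[claim_name], list):
        kind = type(claims[claim_name]).__name__
        findings.append(f"claim {claim_name} is {kind}, expected list")
    return findings

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: a mapper instance saved without the multivalued key,
# and a token whose claim carries a single object instead of an array.
SAMPLE_MAPPERS = [{
    "name": "my-mapper",                    # hypothetical
    "protocol": "openid-connect",
    "protocolMapper": "my-custom-mapper",   # hypothetical PROVIDER_ID
    "config": {"access.token.claim": "true"},
}]
SAMPLE_TOKEN = ".".join([_b64({"alg": "none"}), _b64({"my_claim": {"id": "a"}}), "sig"])

if __name__ == "__main__":
    for line in audit(SAMPLE_MAPPERS, "my-custom-mapper", jwt_claims(SAMPLE_TOKEN), "my_claim"):
        print(line)
```

Run against the mapper list exported from each environment, this shows whether the test container and the test Keycloak differ in the stored instance config or only in the token output.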