Ok, I’m trying to figure out how to use Script Mappers and I’m very confused.
What I’m trying to accomplish is extremely simple. I want to add a custom claim to a token returned by a client. That’s it!
Here is what I’m done. I started from this
Then I read up on how to setup a simple Javascript provider here
For the script itself:
token.setOtherClaims(“random_thing”,“mango”);
For META-INF/keycloak-scripts.json:
{
“authenticators”: [
],
“policies”: [
],
“mappers”: [
{
“name”: “My Mapper”,
“fileName”: “my-script-mapper.js”,
“description”: “My Mapper from a JS file”
}
]
}
Then I JAR’ed those files as asked in the documentation and shoved them in /opt/jboss/keycloak/standalone/deployments/something.jar
.
When the Keycloak container came up, I saw:
WFLYSRV0010: Deployed “something.jar” (runtime-name : “something.jar”)
However, when it came time to actually using the script mapper in my client, I was completely lost.
I got it working by starting the container like so:
command: [“-b”, "0.0.0.0 ", “-Dkeycloak.profile.feature.upload_scripts=enabled”]
Which is the only thing that EVER made my script’s name (“My Mapper”) appear in the dropdown for the client mappers.
Adding the mapper to the application like so, added my custom claim to the JWT like I wanted.
However, that is a deprecated feature according to the keycloak logs and the documentation:
19:49:06,477 WARN [org.keycloak.common.Profile] (ServerService Thread Pool -- 65) Deprecated feature enabled: upload_scripts
19:49:06,477 WARN [org.keycloak.common.Profile] (ServerService Thread Pool -- 65) Preview feature enabled: scripts
Also, whenever I created a JWT with my script mapper enabled, I see the following log line
20:42:16,249 ERROR [stderr] (default task-6) Warning: Nashorn engine is planned to be removed from a future JDK release
So… fine, if I’m not supposed to use “-Dkeycloak.profile.feature.upload_scripts=enabled” to startup keycloak, then how and where to I select my script mapper in Keycloak??? (Pictures and/or links to explicit documentation would be incredibly appreciated)