Replies: 1 comment 5 replies
-
|
Do you use builtin Keycloak providers or custom Identity Provider implementations? In the latter case, some mappers won't be applicable by default. |
Beta Was this translation helpful? Give feedback.
-
|
We are using default Keycloak providers... Mappers are a mix of builtin and custom mappers. |
Beta Was this translation helpful? Give feedback.
-
|
Finally... You're right : I was not aware of this but it's a custom Identity Provider... I'm going to check the impact of this custom provider |
Beta Was this translation helpful? Give feedback.
-
|
@fperot74 If you can adjust the custom Identity Provider implementation, this hook might help: #21154 |
Beta Was this translation helpful? Give feedback.
-
|
For a custom OIDC IDP, we have implemented the method IdentityProvider#isMapperSupported like this: |
Beta Was this translation helpful? Give feedback.
-
|
Sorry for the delay but I did see your messages. My work has been rescheduled and I won't work on this before january. Last time I worked on it, my conclusion was that it was not the source cause (when importing realm with already configured mappers, I can see them in the admin console)... but I'll retry in a few weeks to be sure. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
We implemented a custom API for Keycloak 18. It knows a set of 12 pre-configured mappers. A first method of our API, for a given realm and identity provider, list all 12 mappers and returns a map to tell for each one if they are enabled or not (mapper created in the IDP or not). A second method of our API receives a Map<String, Boolean> to activate/deactivate (create/remove) identity provider mappers.
Everything went fine... Our API was able to create/remove mappers and we were able to see the "enabled" mappers in the admin console.
We are now migrating to Keycloak 26 (26.2.4 but also tested with 26.4.6). We can call our API multiple times and everything is consistent. I mean that if I activate 5 mappers with my API and list enabled/disabled mappers with my API, I get 5 activated mappers and 12 disabled mappers. But if I call the default Keycloak API to list existing mappers (using myRealmResource.identityProviders().get(IDP_ALIAS).getMappers()), I get none... If I check in the admin console, I get no mapper.
So... my custom API does persist identity provider mappers as it is able to retrieve them later... but default Keycloak API does not see them.
Does anyone can help me to solve this mystery? Is there something to configure with IdentityProviderStorageProvider? Should I use another way to create/delete mappers?
Creation of a mapper:
var mapper = new IdentityProviderMapperModel();
mapper.setName(presetMapper.getMapperName());
mapper.setIdentityProviderAlias(idpAlias);
mapper.setIdentityProviderMapper(presetMapper.getMapperType());
mapper.setConfig(presetMapper.getAttributes());
mapper = session.identityProviders().createMapper(mapper);
Deletion of a mapper:
var mapper = selectedRealm.getIdentityProviderMapperByName(idpAlias, mapperStatus.getKey());
session.identityProviders().removeMapper(mapper);
Listing of existing mappers:
session.identityProviders().getMappersByAliasStream(idpAlias)
Beta Was this translation helpful? Give feedback.
All reactions