Keycloak retrieve custom attributes to KeycloakPrincipal

by

To add custom attributes you need to do three things:

  1. Add attributes to admin console
  2. Add claim mapping
  3. Access claims

The first one is explained pretty good here: https://www.keycloak.org/docs/latest/server_admin/index.html#user-attributes

Add claim mapping:

  1. Open the admin console of your realm.
  2. Go to Clients and open your client
  3. This only works for Settings > Access Type confidential or public (not bearer-only)
  4. Go to Mappers
  5. Create a mapping from your attribute to json
  6. Check “Add to ID token”

Access claims:

final Principal userPrincipal = httpRequest.getUserPrincipal();

if (userPrincipal instanceof KeycloakPrincipal) {

    KeycloakPrincipal<KeycloakSecurityContext> kp = (KeycloakPrincipal<KeycloakSecurityContext>) userPrincipal;
    IDToken token = kp.getKeycloakSecurityContext().getIdToken();

    Map<String, Object> otherClaims = token.getOtherClaims();

    if (otherClaims.containsKey("YOUR_CLAIM_KEY")) {
        yourClaim = String.valueOf(otherClaims.get("YOUR_CLAIM_KEY"));
    }
} else {
    throw new RuntimeException(...);
}

Hope this helps and fits your use case. I used this for a custom attribute I added with a custom theme.

More Related Contents:

  1. Customize Authentication – Login Symfony2 Messages
  2. Google OAuth 2 authorization – Error: redirect_uri_mismatch
  3. Authentication filter and servlet for login
  4. How to secure MongoDB with username and password
  5. Error when connect to impala with JDBC under kerberos authrication
  6. How can I extend ServiceStack Authentication
  7. Socket.IO Authentication
  8. Why is there an “Authorization Code” flow in OAuth2 when “Implicit” flow works so well?
  9. user authentication libraries for node.js?
  10. Forgot Password: what is the best method of implementing a forgot password function?
  11. Authentication with 2 different tables
  12. How to use UrlFetchApp with credentials? Google Scripts
  13. how to implement login auth in node.js
  14. What is the purpose of a “Refresh Token”?
  15. What if JWT is stolen?
  16. How to get a JWT?
  17. How does cookie based authentication work?
  18. CSRF Token necessary when using Stateless(= Sessionless) Authentication?
  19. What is the Authorized Javascript Origin for a webapp powered by Google Script?
  20. IIS7: Setup Integrated Windows Authentication like in IIS6
  21. OWIN – Authentication.SignOut() doesn’t seem to remove the cookie
  22. How to use Windows Active Directory Authentication and Identity Based Claims?
  23. In Subversion can I be a user other than my login name?
  24. Microservice Authentication strategy
  25. Single sign-on flow using JWT for cross domain authentication
  26. How to use Github Personal Access Token in Jenkins
  27. ASP.NET MVC 3 using Authentication
  28. How to use Client Certificate Authentication in iOS App
  29. Multiple IdentityServer Federation : Error Unable to unprotect the message.State
  30. How does OpenID authentication work?

Leave a Comment