|
|
|
|
@ -2,7 +2,7 @@ |
|
|
|
|
# Turn on the userinfo for the roles/cient roles default protocol mapper. |
|
|
|
|
# this should be so much easier, but they don't have ways to do queries? |
|
|
|
|
# and they don't include jq in the keycloak container, so updating the JSON |
|
|
|
|
# it bangning the rocks together with sed and awk. |
|
|
|
|
# it banging the rocks together with sed and awk. |
|
|
|
|
|
|
|
|
|
die() { echo >&2 "ERROR: $@" ; exit 1 ; } |
|
|
|
|
|
|
|
|
|
@ -12,11 +12,24 @@ if [ -z "$SCOPE_ID" ]; then die "no client scope" ; fi |
|
|
|
|
MAPPER_ID=$(kcadm.sh get -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models --format csv --noquotes | awk -F, '/,client roles,/ { print $1 }') |
|
|
|
|
if [ -z "$MAPPER_ID" ]; then die "no mapper defined" ; fi |
|
|
|
|
|
|
|
|
|
kcadm.sh get -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models/$MAPPER_ID \ |
|
|
|
|
| sed 's/"userinfo.token.claim" : "false"/"userinfo.token.claim" : "true"/' \ |
|
|
|
|
> /tmp/map |
|
|
|
|
|
|
|
|
|
cat /tmp/map |
|
|
|
|
|
|
|
|
|
kcadm.sh update -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models/$MAPPER_ID -f /tmp/map |
|
|
|
|
tee /tmp/map <<EOF |
|
|
|
|
{ |
|
|
|
|
"id" : "$MAPPER_ID", |
|
|
|
|
"name" : "client roles", |
|
|
|
|
"protocol" : "openid-connect", |
|
|
|
|
"protocolMapper" : "oidc-usermodel-client-role-mapper", |
|
|
|
|
"consentRequired" : false, |
|
|
|
|
"config" : { |
|
|
|
|
"user.attribute" : "foo", |
|
|
|
|
"access.token.claim" : "true", |
|
|
|
|
"userinfo.token.claim" : "true", |
|
|
|
|
"claim.name" : "resource_access.\${client_id}.roles", |
|
|
|
|
"jsonType.label" : "String", |
|
|
|
|
"multivalued" : "true" |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
EOF |
|
|
|
|
|
|
|
|
|
kcadm.sh update -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models/$MAPPER_ID -f /tmp/map \ |
|
|
|
|
|| die "$REALM/$SCOPE_ID/$MAPPER_ID: unable to configure mapper" |
|
|
|
|
kcadm.sh get -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models/$MAPPER_ID |
|
|
|
|
|
Ubuntu
1 year ago