keycloak: fix userinfo.token.claim setup

single-dockerfile
Ubuntu 2 years ago
parent 84013dec99
commit b2c44dd57f
  1. 29
      keycloak/mapper-setup.sh

@ -2,7 +2,7 @@
# Turn on the userinfo for the roles/cient roles default protocol mapper.
# this should be so much easier, but they don't have ways to do queries?
# and they don't include jq in the keycloak container, so updating the JSON
# it bangning the rocks together with sed and awk.
# it banging the rocks together with sed and awk.
die() { echo >&2 "ERROR: $@" ; exit 1 ; }
@ -12,11 +12,24 @@ if [ -z "$SCOPE_ID" ]; then die "no client scope" ; fi
MAPPER_ID=$(kcadm.sh get -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models --format csv --noquotes | awk -F, '/,client roles,/ { print $1 }')
if [ -z "$MAPPER_ID" ]; then die "no mapper defined" ; fi
kcadm.sh get -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models/$MAPPER_ID \
| sed 's/"userinfo.token.claim" : "false"/"userinfo.token.claim" : "true"/' \
> /tmp/map
cat /tmp/map
kcadm.sh update -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models/$MAPPER_ID -f /tmp/map
tee /tmp/map <<EOF
{
"id" : "$MAPPER_ID",
"name" : "client roles",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-client-role-mapper",
"consentRequired" : false,
"config" : {
"user.attribute" : "foo",
"access.token.claim" : "true",
"userinfo.token.claim" : "true",
"claim.name" : "resource_access.\${client_id}.roles",
"jsonType.label" : "String",
"multivalued" : "true"
}
}
EOF
kcadm.sh update -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models/$MAPPER_ID -f /tmp/map \
|| die "$REALM/$SCOPE_ID/$MAPPER_ID: unable to configure mapper"
kcadm.sh get -r $REALM client-scopes/$SCOPE_ID/protocol-mappers/models/$MAPPER_ID

Loading…
Cancel
Save