在密钥斗篷id_token中获取Azure组信息 [英] Get Azure groups information in keycloak id_token
本文介绍了在密钥斗篷id_token中获取Azure组信息的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我已将Azure活动目录注册为Keycloack服务器中的身份提供程序. 我正在azure的id_token中获取分组数组,它看起来像:
I have registered Azure active directory as an identity provider in the Keycloack server. I am getting groups array in azure's id_token and it looks like:
{
aud: "https://contoso.onmicrosoft.com/scratchservice",
iss: "https://sts.windows.net/b9411234-09af-49c2-b0c3-653adc1f376e/",
iat: 1416968588,
nbf: 1416968588,
exp: 1416972488,
ver: "1.0",
tid: "b9411234-09af-49c2-b0c3-653adc1f376e",
amr: [
"pwd"
],
roles: [
"Admin"
],
oid: "6526e123-0ff9-4fec-ae64-a8d5a77cf287",
upn: "[hidden email]",
unique_name: "[hidden email]",
sub: "yf8C5e_VRkR1egGxJSDt5_olDFay6L5ilBA81hZhQEI",
family_name: "User",
given_name: "Sample",
groups: [
"0e129f6b-6b0a-4944-982d-f776000632af",
"323b13b3-1851-4b94-947f-9a4dacb595f4",
"6e32c250-9b0a-4491-b429-6c60d2ca9a42",
"f3a161a7-9a58-4e8f-9d47-b70022a07424",
"8d4c81b2-b1ad-476d-9574-544d155aa6ff",
"1bf80164-ff24-4866-b19c-6212e5b9a847",
"76f80127-f2cd-46f4-8c52-8edd8bc749b1",
"0ba27160-44d0-42b5-b90c-47b3fcc48e35"
],
appid: "b075ddef-0efa-123b-997b-de1337c29185",
appidacr: "1",
scp: "user_impersonation",
acr: "1"
}
在Keycloak服务器生成的id_token中,没有任何组. 如何在密钥克隆id_token中获得Azure AD组.
In id_token generated by the Keycloak server, there are no groups. How can I get azure AD groups in keycloack id_token.
推荐答案
我通过创建映射器解决了此问题.
I resolved this issue by creating a mapper.
步骤:
- 在身份提供者中创建属性导入器类型映射器
- 在客户端中创建用户属性类型映射器
- Create Attribute importer type mapper in the identity provider
- Create User attribute type mapper in the client
这篇关于在密钥斗篷id_token中获取Azure组信息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文