Keycloak映射多个用户属性 [英] Keycloak map multiple user attributes

问题描述

我已经按照[1]中的指南来映射单个用户属性.但是，我需要将所有属性映射到一个数组，以便特定用户的每个属性都显示在访问令牌的属性数组中(或者更好的是，将属性限制为一组特定的属性，但是我想用户属性仅仅是平面键/值映射).

I've followed the guide at [1] to map a single user attribute. However, I need to map all attributes to an array, so that every attribute for a particular User shows up in an attribute array of the access token (Or better, restrict attributes to a certain group of attributes, but I guess user attributes are only a flat key/value map).

我尝试在客户端映射器的用户属性"字段中设置通配符*.但是无论我做什么，只要给定用户属性映射的实际属性键，就一次只能设置一个属性.

I tried out setting a wildcard * in the User Attribute field of the client mapper. But no matter what I do, I can ony set one attribute at a time given an actual attribute key of a user's attribute map.

[1] Keycloak将自定义属性检索到KeycloakPrincipal

推荐答案

我遇到了同样的问题.

我尝试了以下操作:

1. 添加了一个关键的部门"，具有单个值，例如财务". 添加第二个键部门".另一个价值发展" 覆盖初始条目.
2. 我也想放点东西 例如价值栏中的列表，例如开发，财务"；或者 发展；财务"但这也被视为一个单一值.

1. Added a key "department" with a single value for example "finance". Adding a second key "department" with another value "development" overwrites the initial entry.
2. I also have tried to put something like a list into the value column, such as "development, finance" or "development; finance" but this is treated as a single value too.

如果您使用"development ## finance"，在管理控制台中，用户将拥有一个部门".具有2个值开发"的属性和财务".

If you use "development##finance" in admin console, the user will have "department" attribute with 2 values "development" and "finance".

"##"似乎是要使用的分隔符.

The "##" seem to be the delimiter to use.

因此，如果您将多值"标记为切换您的protocolMapper中的部门"属性，accessToken将包含具有2个值"development"的列表.和财务".

So, if you mark "multivalued" switch in your protocolMapper for "department" attribute, the accessToken will contain list with 2 values "development" and "finance".

部门":[ 发展"， 财务" ]

"department": [ "development", "finance" ]

这对我有用.

KeyCloak版本11.0.2

KeyCloak version 11.0.2

这篇关于Keycloak映射多个用户属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！