Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix attribute importer and user template mapper for Facebook/Google #482

Merged
merged 3 commits into from
Apr 9, 2021
Merged

Fix attribute importer and user template mapper for Facebook/Google #482

merged 3 commits into from
Apr 9, 2021

Conversation

Photonios
Copy link
Contributor

@Photonios Photonios commented Feb 5, 2021
edited
Loading

keycloak_attribute_importer_identity_provider_mapper

This does not currently work for the Facebook and Google identity providers because of two reasons:

  • The computed IdentityProviderMapper is <provider id>-user-attribute-idp-mapper, while it should be <provider id>-user-attribute-mapper.
  • The config fields used are userAttribute and jsonField.

keycloak_user_template_importer_identity_provider_mapper

This does not currently work for the Facebook and Google identity providers because of:

  • The computed IdentityProviderMapper is <provider id>-username-idp-mapper, while it should be oidc-username-idp-mapper.

The more correct fix for all of these would be to hit /{realm}/identity-provider/instances/{alias}/mapper-types to get a list of available mapper types and config fields and to select the right one based on the category.

This short-cut makes it work till that work can be done. This if-else magic was already happening in the attribute importer resource.

@Photonios Photonios force-pushed the idp-mapper-types-google-facebook branch from 0e43727 to 5f46c7a Compare February 5, 2021 14:07
@Photonios
Correct mapper type for user template mapper for Google/Facebook
a50ff17 
GET /auth/admin/realms/<realm>/identity-provider/instances/google/mapper-types
GET /auth/admin/realms/<realm>/identity-provider/instances/facebook/mapper-types

Return the type of the user template mapper to be
`oidc-username-idp-mapper`. Not `<provider id>-username-idp-mapper`.
@Photonios
Correct mapper type and fields for attribute import for Google/Facebook
8bdda7e 
GET /auth/admin/realms/<realm>/identity-provider/instances/google/mapper-types
GET /auth/admin/realms/<realm>/identity-provider/instances/facebook/mapper-types

Return the type of the user template mapper to be
`<provider id>-user-attribute-mapper`.
Not `<provider id>-user-attribute-idp-mapper`.

The correct fields are also `jsonField` and `userAttribute`.
@Photonios Photonios force-pushed the idp-mapper-types-google-facebook branch from 5f46c7a to 8bdda7e Compare February 5, 2021 14:07
@Photonios Photonios marked this pull request as ready for review February 5, 2021 14:19
@Photonios
Fall back to using Config.JsonField for claimName
e8b2fd5 
This is for the Google/Facebook mappers.
mrparkers
mrparkers approved these changes Apr 9, 2021
View reviewed changes
Copy link
Owner

@mrparkers mrparkers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems to work locally for me. thanks for the PR!

@mrparkers mrparkers merged commit 483fa37 into mrparkers:master Apr 9, 2021
@Photonios Photonios deleted the idp-mapper-types-google-facebook branch January 19, 2022 13:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mrparkers mrparkers mrparkers approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Photonios @mrparkers