
How to add custom user attributes in Keycloak and access them in a Spring Boot application


Sometimes you may want to add more fields to Keycloak's standard registration page for your users and access that data in your Spring Boot application. This article shows, step by step, how to add such extra attributes.

What is Keycloak

Keycloak is an open source software product that provides single sign-on with identity management and access management, aimed at modern applications and services. To learn more, visit https://www.keycloak.org/



What is Spring boot

Spring Boot makes it easy to create stand-alone, production-grade Spring based Applications that you can "just run". To learn more visit https://spring.io/projects/spring-boot


To add an extra attribute in the Keycloak server, you need to edit the actual HTML template and then register the new attribute in the JSON response so that it is available to the client.


Edit HTML template


Let's assume we want to add a mobile number to the default registration page.


  • Go to the Keycloak home installation directory
  • Edit the file theme/base/login/register.ftl
  • Add the following HTML to this file wherever you want the mobile number field to appear on the above screen.

  • Note down id="user.attributes.mobile" for the input tag; this is the field name for the custom attribute, which will be saved with the user data


Edit Settings in Keycloak Admin Panel

Now we need to map this field to the REST service output, so that each client can access it.

  • Log in to your Keycloak admin panel
  • Select your realm, which you may have created already
  • Select the client, which you may have created already, from the left side menu
  • Select the Mapper tab

  • Click the Create button on the right
  • Enter Name as "Mobile Attribute Mapping" (basically any name you want)
  • Select Mapper Type as "User Attribute"
  • Add User Attribute as "mobile", which comes from the HTML input tag id "user.attributes.mobile"
  • Add Token Claim Name as "mobile" or any other valid JSON field name, which you will read as a JSON element in the Spring Boot application.
  • Select Claim JSON Type as "String"
  • Click Save




Read Custom user attribute in Java/Spring boot

Say you have a controller like this 



Note line 13: we are reading "mobile" from the map, which is the same as the "Token Claim" name set in the mapper definition.
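
A controller of the kind described above, written as an added example (it is not the original post's listing, so its line numbers differ). It assumes the Keycloak Spring Boot adapter with the `javax.servlet` API; the endpoint path and the phone-number pattern are hypothetical. Because the value comes straight from the self-registration form, the example validates it before use.

```java
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;

import org.keycloak.KeycloakSecurityContext;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class ProfileController {

    // Assumed policy for this example: optional "+" followed by 7 to 15 digits.
    private static final Pattern MOBILE = Pattern.compile("^\\+?[0-9]{7,15}$");

    @GetMapping("/profile/mobile") // hypothetical endpoint
    public ResponseEntity<String> mobile(HttpServletRequest request) {
        // The Keycloak adapter stores the security context as a request attribute.
        KeycloakSecurityContext ctx = (KeycloakSecurityContext)
                request.getAttribute(KeycloakSecurityContext.class.getName());
        if (ctx == null || ctx.getToken() == null) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }

        // Claims added by protocol mappers are not standard token fields, so they
        // land in the "other claims" map, keyed by the mapper's Token Claim Name.
        Map<String, Object> claims = ctx.getToken().getOtherClaims();
        Object raw = claims.get("mobile");

        // The claim is absent when the user has no such attribute or the
        // mapper is not attached to this client.
        if (!(raw instanceof String)) {
            return ResponseEntity.notFound().build();
        }

        // The value was typed by the user on the registration page, so it is
        // untrusted input: check its shape before storing or displaying it.
        String mobile = ((String) raw).trim();
        if (!MOBILE.matcher(mobile).matches()) {
            return ResponseEntity.unprocessableEntity().build();
        }
        return ResponseEntity.ok(mobile);
    }
}
```

The signed token proves only that Keycloak issued the claim, not that the number belongs to the user, so a self-registered attribute like this should not drive authorization decisions.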
