问题描述
我已经按照[1]中的指南来映射单个用户属性.但是,我需要将所有属性映射到一个数组,以便特定用户的每个属性都显示在访问令牌的属性数组中(或者更好的是,将属性限制为一组特定的属性,但是我想用户属性仅仅是平面键/值映射).
I've followed the guide at [1] to map a single user attribute. However, I need to map all attributes to an array, so that every attribute for a particular User shows up in an attribute array of the access token (Or better, restrict attributes to a certain group of attributes, but I guess user attributes are only a flat key/value map).
我尝试在客户端映射器的用户属性"字段中设置通配符*.但是无论我做什么,只要给定用户属性映射的实际属性键,就一次只能设置一个属性.
I tried out setting a wildcard * in the User Attribute field of the client mapper. But no matter what I do, I can ony set one attribute at a time given an actual attribute key of a user's attribute map.
[1] Keycloak将自定义属性检索到KeycloakPrincipal
推荐答案
我遇到了同样的问题.
我尝试了以下操作:
- 添加了一个关键的部门",具有单个值,例如财务".添加第二个键部门".另一个价值发展"覆盖初始条目.
- 我也想放点东西例如价值栏中的列表,例如开发,财务";或者发展;财务"但这也被视为一个单一值.
- Added a key "department" with a single value for example "finance".Adding a second key "department" with another value "development"overwrites the initial entry.
- I also have tried to put somethinglike a list into the value column, such as "development, finance" or"development; finance" but this is treated as a single value too.
如果您使用"development ## finance",在管理控制台中,用户将拥有一个部门".具有2个值开发"的属性和财务".
If you use "development##finance" in admin console, the user will have "department" attribute with 2 values "development" and "finance".
"##"似乎是要使用的分隔符.
The "##" seem to be the delimiter to use.
因此,如果您将多值"标记为切换您的protocolMapper中的部门"属性,accessToken将包含具有2个值"development"的列表.和财务".
So, if you mark "multivalued" switch in your protocolMapper for "department" attribute, the accessToken will contain list with 2 values "development" and "finance".
部门":[发展",财务"]
"department": ["development","finance"]
这对我有用.
KeyCloak版本11.0.2
KeyCloak version 11.0.2
这篇关于Keycloak映射多个用户属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!