
$userRepresentation->attributes is always NULL in a standard Keycloak user configuration

Open stefanomarty opened this issue 1 year ago • 2 comments

I added some attributes to a user on Keycloak: attribute1 = value1, attribute2 = value2, etc. I haven't found any method to map these attributes in the token into an array called "attributes". I can assign a single attribute in the mapper by assigning Token Claim Name = 'attributes', but this method only inserts the value and not the key of the attribute. Alternatively, I can insert a JSON into the user, for example: "{'key1':'value1','key2':'value2'}" containing various attributes, always assigning Token Claim Name = 'attributes'. This system, in addition to being not very intuitive on the Keycloak side, has the problem of the subsequent extraction in UserRepresentationDTO.php, which expects an array and not a JSON. How could it be solved? Is there a method in Keycloak to map all attributes of a user into a single array named "attributes"?

stefanomarty avatar Apr 27 '24 08:04 stefanomarty
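The mismatch described in the post above (an `attributes` claim that arrives as a JSON string where an array is expected) can be handled defensively on the PHP side. This is an added example, not part of the original thread and not KeycloakClientBundle code: `normalizeAttributesClaim` is a hypothetical helper, the sample claims are constructed, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of KeycloakClientBundle): turn whatever the
 * "attributes" claim holds into array<string, list<string>>.
 * Anything that is not a well-formed attribute map yields an empty array.
 */
function normalizeAttributesClaim(mixed $claim): array
{
    if (is_string($claim)) {
        try {
            // An attribute map is shallow; a depth limit of 3 rejects deep nesting.
            $claim = json_decode($claim, true, 3, JSON_THROW_ON_ERROR);
        } catch (JsonException) {
            return []; // malformed JSON (e.g. single-quoted keys): no attributes
        }
    } elseif ($claim instanceof stdClass) {
        $claim = (array) $claim; // claim decoded as an object instead of an array
    }
    if (!is_array($claim)) {
        return []; // null, number, bool: claim absent or of the wrong type
    }

    $out = [];
    foreach ($claim as $key => $value) {
        if (!is_string($key) || $key === '') {
            continue; // list entries and empty keys are not attributes
        }
        // Accept a single value or a list of values; keep scalars only.
        $values = is_array($value) ? $value : [$value];
        $values = array_values(array_filter($values, 'is_scalar'));
        if ($values !== []) {
            $out[$key] = array_map('strval', $values);
        }
    }
    return $out;
}

// Constructed sample claims, as they might look after the token is decoded.
var_dump(normalizeAttributesClaim('{"key1":"value1","key2":["a","b"]}'));
var_dump(normalizeAttributesClaim("{'key1':'value1'}")); // invalid JSON: empty array
var_dump(normalizeAttributesClaim(null));                // claim absent: empty array
```

Note that the single-quoted form quoted in the post is not valid JSON, so `json_decode` rejects it; the value stored on the user has to use double quotes for this to work.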

Hi, which version of Keycloak are you using? Starting from version 24, Keycloak aims to support the user profile. In fact, the old-style attributes are disabled by default and no longer managed as they used to be.

https://github.com/keycloak/keycloak/issues/25528


mainick avatar Apr 29 '24 15:04 mainick

Hi mainick, thanks for your answer! I'm actually using the latest Keycloak version (24.0.3), so I need to check this issue as I didn't know about this new behaviour in KC. But that issue was with the old KeycloakClientBundle version 1.30, where I had developed an authenticator on my own. Now I'm trying the new version with the proper authenticator.

I know this is probably not the right place to ask, but I've been struggling since yesterday with the new bundle version 2.1.1 and I am stuck at a point where I cannot get out of a loop between the Bundle and Keycloak. Here's what happens:

  • user tries to access a protected resource
  • control goes to KeycloakAuthenticationEntryPoint.php
  • redirect (307) to KeycloakController::connect
  • user authenticates on Keycloak
  • after obtaining the authentication code, control goes back to KeycloakController::check
  • $authorizationUrl is correctly fetched from the session and control goes to the protected resource URL via this instruction: return $loginReferrer ? $this->redirect($loginReferrer) : $this->redirect($defaultTargetRouteName);

At this point something goes wrong (at least in my configuration): control goes back to KeycloakController::connect and the previous loop is repeated until the browser gives up.

It seems that after the redirect from KeycloakController::check the user is not recognized as authenticated.

I'm probably missing something but I do not know where to look :-(

Have you ever seen something like this?

stefanomarty avatar Apr 29 '24 15:04 stefanomarty

OK, I found it: there was a leftover line in security.yaml (from my previous configuration) preventing your authenticator from correctly triggering the creation of the $user. It's now been solved, pls disregard my previous msg, thanks.

stefanomarty avatar May 01 '24 07:05 stefanomarty